[43396] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

RE: Real World Exploit for Bleichenbachers Attack on SSL

daemon@ATHENA.MIT.EDU (Erik Tews)
Fri Sep 15 08:54:04 2006

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: Erik Tews <e_tews@cdc.informatik.tu-darmstadt.de>
To: t.acar@computer.org
Cc: "'Cryptography'" <cryptography@metzdowd.com>
In-Reply-To: <001d01c6d887$1d8e2fc0$0a00a8c0@tolginator>
Date: Fri, 15 Sep 2006 08:02:12 +0200


--=-9ILKnnQkfyOUA8rzDW7c
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Am Donnerstag, den 14.09.2006, 22:23 -0700 schrieb Tolga Acar:
> You need to have one zero octet after bunch of FFs and before DER encoded
> has blob in order to have a proper PKCS#1v1.5 signature encoding.
>=20
> Based on what you say below, "I used this cert and my key to sign an
> end-entity certificate which I used to set up an webserver", it appears t=
hat
> implementations you used don't check for this one zero octet, either.

Yes, I have, I counted this to the ASN1DataWithHash part. I did not
theck if it works without.

--=-9ILKnnQkfyOUA8rzDW7c
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: Dies ist ein digital signierter Nachrichtenteil

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQBFCkHk1V7s4RB7CAcRArLTAJ4piifjkS7hfVKgvgwGKNeWDseVYgCfbQyx
CEQC1sCED+7uLTmaB3yCFsI=
=5ptv
-----END PGP SIGNATURE-----

--=-9ILKnnQkfyOUA8rzDW7c--


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post