[43712] in cryptography@c2.net mail archive


Re: Why the exponent 3 error happened:

daemon@ATHENA.MIT.EDU (Ben Laurie)
Sat Sep 16 15:36:33 2006

X-Original-To: cryptography@metzdowd.com
Date: Sat, 16 Sep 2006 10:07:14 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: "James A. Donald" <jamesd@echeque.com>
Cc: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <450B61DC.9060303@echeque.com>

James A. Donald wrote:
>     --
> James A. Donald wrote:
>>> Code is going wrong because ASN.1 can contain
>>> complicated malicious information to cause code to go
>>> wrong.  If we do not have that information, or simply
>>> ignore it, no problem.
> 
> Ben Laurie wrote:
>> This is incorrect. The simple form of the attack is
>> exactly as described above - implementations ignore
>> extraneous data after the hash. This extraneous data
>> is _not_ part of the ASN.1 data.
> 
> But it is only extraneous because ASN.1 *says* it is
> extraneous.
> 
> If you ignore the ASN.1 stuff, treat it as just
> arbitrary padding, you will not get this problem.  You
> will look at the rightmost part of the data, the low
> order part of the data, for the hash, and lo, the hash
> will be wrong!

If you ignore the ASN.1 stuff then you won't know what hash to calculate.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
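
Added example, not part of the original message or of any implementation discussed in the thread: a Python sketch of the three checks the thread contrasts, applied to the already-decrypted signature block. The function names, the 128-byte block size and the sample blocks are assumptions constructed for illustration.

```python
import hashlib
import hmac

# DER DigestInfo prefixes for PKCS#1 v1.5 signatures (RFC 8017, section 9.2).
DIGEST_INFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def encode_em(msg, alg, k):
    """Build the one valid k-byte block: 00 01 FF..FF 00 DigestInfo hash."""
    t = DIGEST_INFO[alg] + hashlib.new(alg, msg).digest()
    if k < len(t) + 11:
        raise ValueError("block too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def lax_check(em, msg):
    """Flawed: parses left to right and never looks past the hash."""
    body = em[2:].lstrip(b"\xff")
    if em[:2] != b"\x00\x01" or body[:1] != b"\x00":
        return False
    rest = body[1:]
    for alg, prefix in DIGEST_INFO.items():
        if rest.startswith(prefix):
            h = hashlib.new(alg, msg).digest()
            return rest[len(prefix):len(prefix) + len(h)] == h
    return False

def rightmost_check(em, msg, alg):
    """Compares only the low-order bytes; alg must come from the caller."""
    h = hashlib.new(alg, msg).digest()
    return hmac.compare_digest(em[-len(h):], h)

def strict_check(em, msg, allowed=("sha1", "sha256")):
    """Rebuilds the whole expected block per allowed hash and compares all of it."""
    for alg in allowed:
        try:
            if hmac.compare_digest(em, encode_em(msg, alg, len(em))):
                return True
        except ValueError:
            continue
    return False

# Constructed sample blocks (128 bytes): one well-formed, one with filler after the hash.
MSG = b"constructed sample message"
GOOD = encode_em(MSG, "sha1", 128)
BAD = b"\x00\x01" + b"\xff" * 8 + b"\x00" + DIGEST_INFO["sha1"] + hashlib.sha1(MSG).digest()
BAD = BAD.ljust(128, b"\xaa")  # filler after the hash
```

On the constructed BAD block, lax_check returns True while rightmost_check and strict_check return False. rightmost_check has to be told alg by its caller, whereas strict_check takes the hash choice from whichever DigestInfo prefix produces a matching block.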
