[43712] in cryptography@c2.net mail archive
Re: Why the exponent 3 error happened:
daemon@ATHENA.MIT.EDU (Ben Laurie)
Sat Sep 16 15:36:33 2006
X-Original-To: cryptography@metzdowd.com
Date: Sat, 16 Sep 2006 10:07:14 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: "James A. Donald" <jamesd@echeque.com>
Cc: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <450B61DC.9060303@echeque.com>
James A. Donald wrote:
> --
> James A. Donald wrote:
>>> Code is going wrong because ASN.1 can contain
>>> complicated malicious information to cause code to go
>>> wrong. If we do not have that information, or simply
>>> ignore it, no problem.
>
> Ben Laurie wrote:
>> This is incorrect. The simple form of the attack is
>> exactly as described above - implementations ignore
>> extraneous data after the hash. This extraneous data
>> is _not_ part of the ASN.1 data.
>
> But it is only extraneous because ASN.1 *says* it is
> extraneous.
>
> If you ignore the ASN.1 stuff, treat it as just
> arbitrary padding, you will not get this problem. You
> will look at the rightmost part of the data, the low
> order part of the data, for the hash, and lo, the hash
> will be wrong!
If you ignore the ASN.1 stuff then you won't know what hash to calculate.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
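
The check this thread argues about, as an added example (not code from either poster or from any implementation discussed): a verifier that parses the recovered signature block left to right and stops after the hash, beside one that rebuilds the full PKCS#1 v1.5 block and compares every byte. The function names and the sample blocks are constructed for illustration; the DigestInfo prefixes are those listed in RFC 8017, and both checks take the block as it stands after the RSA public-key operation.

```python
import hashlib
import hmac

# DER DigestInfo prefixes (RFC 8017, section 9.2, note 1).
DIGEST_INFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def encode(msg, k, alg="sha1"):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 DigestInfo || hash, exactly k bytes."""
    t = DIGEST_INFO[alg] + hashlib.new(alg, msg).digest()
    if k < len(t) + 11:
        raise ValueError("block too short for this hash")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def lax_check(em, msg):
    """Flawed parse: reads left to right and never looks past the hash."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    body = em[i + 1:]
    for alg, prefix in DIGEST_INFO.items():
        if body.startswith(prefix):
            h = hashlib.new(alg, msg).digest()
            # Bytes after the hash are never examined.
            return body[len(prefix):len(prefix) + len(h)] == h
    return False

def strict_check(em, msg):
    """Rebuild the whole block for each permitted hash; compare every byte."""
    for alg in DIGEST_INFO:
        try:
            if hmac.compare_digest(em, encode(msg, len(em), alg)):
                return True
        except ValueError:
            continue
    return False

def malformed_block(msg, k, alg="sha1"):
    """Constructed input: one FF pad byte, the hash, then filler bytes."""
    t = DIGEST_INFO[alg] + hashlib.new(alg, msg).digest()
    return b"\x00\x01\xff\x00" + t + b"\xaa" * (k - len(t) - 4)
```

The strict form never parses ASN.1 from the signature: the verifier chooses which hashes it permits and requires the DigestInfo and hash to fill the low-order bytes of the block.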