[44251] in cryptography@c2.net mail archive
Re: A note on vendor reaction speed to the e=3 problem
daemon@ATHENA.MIT.EDU (Jack Lloyd)
Mon Sep 18 14:33:06 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 18 Sep 2006 11:27:23 -0400
From: Jack Lloyd <lloyd@randombit.net>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com
In-Reply-To: <20060915134816.GA23796@jabberwocky.com>
On Fri, Sep 15, 2006 at 09:48:16AM -0400, David Shaw wrote:
> GPG was not vulnerable, so no fix was issued. Incidentally, GPG does
> not attempt to parse the PKCS/ASN.1 data at all. Instead, it
> generates a new structure during signature verification and compares
> it to the original.
Botan does the same thing for (deterministic) encodings - mostly
because I wrote a decoder for PKCS#1 v1.5, realized it probably had
bugs I wouldn't figure out until too late, and this way the worst
thing that can happen is a valid signature is rejected due to having
some unexpected but legal encoding. Default deny and all that.
Anyway, it's a lot easier to write that way - my PSS verification code
is probably around twice the length of the PSS generation code, due to
the need to check every stupid little thing.
-Jack
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com