[20465] in bugtraq


Re: OpenSSL-0.9.6a has security fixes

daemon@ATHENA.MIT.EDU (Dan Riley)
Thu Apr 26 13:36:41 2001

Message-ID:  <shvgnrk8ej.fsf@lns130.lns.cornell.edu>
Date:         Thu, 26 Apr 2001 11:06:28 -0400
Reply-To: dsr@MAIL.LNS.CORNELL.EDU
From: Dan Riley <dsr@MAIL.LNS.CORNELL.EDU>
X-To:         Ariel Waissbein <core.lists.bugtraq@CORE-SDI.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Ariel Waissbein's message of "Wed, 25 Apr 2001 15:33:13 -0300"

Ariel Waissbein <core.lists.bugtraq@CORE-SDI.COM> writes:
> There seems to be a typo in the following post. It is RSA and not DSA.
> The source, OpenSSL's webpage, has the same typo. Refer to
> http://www.securityfocus.com/bid/2344
> (or http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm).
[...]
> Jim Knoble wrote:
> > This doesn't seem to have been announced here: OpenSSL-0.9.6a appears
> [snip]
> >   - Security fix: prevent Bleichenbacher's DSA attack.
>
> it should be Bleichenbacher's RSA attack and not DSA

Bleichenbacher did find a theoretical (but not very practical to
exploit) bias in the DSA recommended method of selecting k [1],
and that bias is fixed in OpenSSL-0.9.6a:

  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
     Bleichenbacher's DSA attack.

[1] http://www.infoworld.com/articles/hn/xml/01/02/05/010205hndsa.xml
    http://www.mail-archive.com/coderpunks@toad.com/msg04228.html
--
Dan Riley                                         dsr@mail.lns.cornell.edu
Wilson Lab, Cornell University      <URL:http://www.lns.cornell.edu/~dsr/>
    "History teaches us that days like this are best spent in bed"
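The bias Dan Riley refers to comes from how k was derived: a value of the same bit length as q was reduced modulo q, so the residues below 2^n - q are hit twice as often as the rest. The following is an added example (not from this thread, not OpenSSL code) that enumerates that distribution exactly on toy parameters, and implements the rejection-sampling fix that BN_rand_range() is built on (draw bit_length(q) bits, retry on anything >= q). The function names, the toy modulus q = 251 and the scripted random source are assumptions made here for illustration.

```python
"""Added example: why k = r mod q is biased when r has the same bit
length as q, and the rejection-sampling alternative (the idea behind
OpenSSL's BN_rand_range()). Toy parameters only; q is tiny so the
distributions can be enumerated exactly."""
import secrets
from collections import Counter


def biased_k_distribution(q, nbits):
    """Exact distribution of k = r mod q for r uniform in [0, 2**nbits).
    Enumerates every r, so keep nbits small (this is an illustration,
    not the 160-bit case)."""
    return Counter(r % q for r in range(2 ** nbits))


def rejection_distribution(upper):
    """Distribution of one accepted draw when r is taken from
    [0, 2**upper.bit_length()) and values >= upper are rejected.
    Conditioning on acceptance leaves a flat distribution."""
    nbits = upper.bit_length()
    return Counter(r for r in range(2 ** nbits) if r < upper)


def bias_ratio(counts):
    """Most frequent output divided by least frequent one; 1.0 is uniform."""
    return max(counts.values()) / min(counts.values())


def rand_range(upper, randbits=secrets.randbits):
    """Uniform integer in [0, upper) by rejection sampling: draw exactly
    bit_length(upper) bits and retry on r >= upper.  Each accepted value
    is equally likely, so no residue class is favoured.  `randbits` is
    injectable so the loop can be exercised deterministically."""
    if upper <= 0:
        raise ValueError("upper must be positive")
    nbits = upper.bit_length()
    while True:
        r = randbits(nbits)
        if r < upper:
            return r


def dsa_nonce(q, randbits=secrets.randbits):
    """DSA per-signature secret k must lie in [1, q-1]; shift a uniform
    draw from [0, q-1) up by one."""
    return 1 + rand_range(q - 1, randbits)


if __name__ == "__main__":
    q = 251  # constructed toy prime just under 2**8
    same_width = biased_k_distribution(q, 8)
    print("n-bit r mod n-bit q, bias ratio:", bias_ratio(same_width))
    extra_bits = biased_k_distribution(q, 16)
    print("(n+8)-bit r mod q, bias ratio:", round(bias_ratio(extra_bits), 4))
    print("rejection sampling, bias ratio:", bias_ratio(rejection_distribution(q)))
    print("sample k:", dsa_nonce(q))
```

With q = 251 and 8-bit r, the residues 0 through 4 each occur twice as often as the others, so the ratio is exactly 2.0; that is the shape of the bias at 160 bits, just with far fewer doubled residues relative to q. Drawing extra bits before reducing (the approach the later FIPS 186-2 change notice took, with 64 extra bits) shrinks the ratio toward 1 but never reaches it, which is why rejection sampling, as in BN_rand_range(), is the cleaner fix: its accepted outputs are exactly uniform, at the cost of an unbounded but short retry loop.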
