[Ach] some thoughts on POODLE, BERserk etc.

ianG iang at iang.org
Tue Nov 4 22:47:55 CET 2014


On 4/11/2014 20:28 pm, Hanno Böck wrote:
> Hi,
> 
> I thought the readers of this list might be interested, I did a quite
> extensive writeup of what I think are the lessons from the last two SSL
> security issues POODLE and BERserk:
> https://blog.hboeck.de/archives/858-Dancing-protocols,-POODLEs-and-other-tales-from-TLS.html


Nice article!!

I use e=3, is it fundamentally broken?  Or just in cahoots with pkcs 1.5?

(I was warned off 1.5, and what I do is a blinding phase then the RSA
phase, rather than OAEP or pkcs 2.  Homebrew crypto so fun but scary.)


iang


