[Ach] some thoughts on POODLE, BERserk etc.
iang at iang.org
Tue Nov 4 22:47:55 CET 2014
On 4/11/2014 20:28 pm, Hanno Böck wrote:
> I thought the readers of this list might be interested, I did a quite
> extensive writeup of what I think are the lessons from the last two SSL
> security issues POODLE and BERserk:
I use e=3, is it fundamentally broken? Or just in cahoots with pkcs 1.5?
(I was warned off 1.5, and what I do is a blinding phase then the RSA
phase, rather than OAEP or pkcs 2. Homebrew crypto so fun but scary.)