[Ach] some thoughts on POODLE, BERserk etc.
Hanno Böck
hanno at hboeck.de
Tue Nov 4 23:01:47 CET 2014
On Tue, 04 Nov 2014 21:47:55 +0000,
ianG <iang at iang.org> wrote:
> Nice article!!
>
> I use e=3, is it fundamentally broken? Or just in cahoots with pkcs
> 1.5?
Basically I think the only practical attack on it is related to a
combination of pkcs #1 1.5, e=3 and a broken implementation.
(there's another attack against "plain" rsa that relies on small
exponents - but plain rsa is a no-go in so many ways this doesn't
really count)
However it feels to me that it's generally to be considered a risky
choice.
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
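The "broken implementation" half of the combination Hanno mentions is a PKCS#1 v1.5 signature verifier that parses the recovered padding leniently instead of checking the whole encoded block. The sound approach, which RFC 8017 describes, is to reconstruct the expected encoding yourself and compare it byte for byte against s^e mod n. The following is an added example illustrating that check; it is not code from this thread or from any project discussed here. It uses a toy, seeded RSA key generator (stdlib only, constructed for the example) so it runs offline, and the SHA-256 DigestInfo prefix is the standard one from RFC 8017.

```python
import hashlib
import hmac
import random

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin probable-prime test; toy key generation only."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int, e: int, rng: random.Random) -> int:
    """Random prime p of the given size with gcd(e, p - 1) == 1."""
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if (p - 1) % e != 0 and is_probable_prime(p, rng):
            return p


def gen_key(bits: int, e: int, seed: int):
    """Toy RSA keypair (n, e, d); the fixed seed is a constructed input
    that makes the example deterministic. Not for real use."""
    rng = random.Random(seed)
    p = gen_prime(bits // 2, e, rng)
    q = gen_prime(bits // 2, e, rng)
    while q == p:
        q = gen_prime(bits // 2, e, rng)
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return n, e, d


def emsa_pkcs1_v15(message: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 DigestInfo || H(message)."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(message: bytes, n: int, d: int) -> bytes:
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15(message, k), "big")
    return pow(em, d, n).to_bytes(k, "big")


def verify_strict(message: bytes, signature: bytes, n: int, e: int) -> bool:
    """Full-block comparison: rebuild the expected encoding and compare it
    against s^e mod n in its entirety. Nothing is parsed out of the
    recovered block, so stray bytes in the padding can never be tolerated."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em_prime = pow(s, e, n).to_bytes(k, "big")
    expected = emsa_pkcs1_v15(message, k)
    return hmac.compare_digest(em_prime, expected)


def public_exponent_is_risky(e: int) -> bool:
    """Flag small public exponents such as e=3; 65537 is the usual choice."""
    return e < 65537


if __name__ == "__main__":
    n, e, d = gen_key(512, 3, 2014)
    sig = sign(b"hello", n, d)
    print("valid:", verify_strict(b"hello", sig, n, e))
    print("tampered:", verify_strict(b"hellp", sig, n, e))
    print("e=3 risky:", public_exponent_is_risky(e))
```

The key point is in `verify_strict`: with the comparison done on the whole encoded block, a small e does not by itself help anyone, which is why the thread frames the risk as the combination of PKCS#1 v1.5, e=3 and a lenient verifier rather than e=3 alone.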