[Ach] Is PFS broken?
Hanno Böck
hanno at hboeck.de
Tue Jun 14 07:26:29 CEST 2016
On Mon, 13 Jun 2016 21:46:19 +0200
Manuel Kraus <ach at lsd.is> wrote:
> http://shorty.is/pfsvuln
>
> We'll see...
This sounds pretty much like the attack from Lenstra against RSA CRT
optimizations.
Florian Weimer did some research against practically vulnerable
implementations last year:
https://access.redhat.com/blogs/766093/posts/1976703
While I'm certainly interested to learn more about these results one
should be clear what this is:
a) it requires an implementation which occasionally creates faulty
results (due to hw failures, software bugs etc.)
b) it can be entirely prevented by checking the result of a CRT
optimization (or by avoiding using it in the first place).
And it has only to do with PFS in the sense that it affects RSA
signatures.
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
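The following is an added worked example, not code from Hanno's message or from the linked Red Hat post. It shows the Lenstra-style fault attack on RSA-CRT signing that the message refers to, and the check in point (b) that stops it. Everything in it is assumed for illustration: the toy key (two Mersenne primes, far too small for real use), the fault model (a single XOR into the mod-p branch of the CRT computation), the hash-then-reduce encoding standing in for a real padding scheme, and the function names.

```python
"""Lenstra's fault attack on RSA-CRT signatures, and the self-check that prevents it.
Added example with a constructed toy key; nothing here is from the original post."""
import hashlib
from math import gcd

# Constructed toy key: two Mersenne primes. Far too small for real use,
# chosen only so the arithmetic is visible and runs instantly.
P = (1 << 31) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537                      # coprime to (P-1)(Q-1) for these primes
D = pow(E, -1, (P - 1) * (Q - 1))   # Python >= 3.8

# CRT parameters an implementation would precompute from the private key.
DP = D % (P - 1)
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)


def encode(msg: bytes) -> int:
    """Toy hash-then-sign encoding: SHA-256 of msg reduced mod N.
    A real signer uses PKCS#1 v1.5 or PSS padding instead."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign_crt(m: int, fault_mask: int = 0) -> int:
    """RSA-CRT signature of m. fault_mask is XORed into the mod-P half of the
    computation to simulate a hardware glitch or software bug in that branch
    (assumed fault model). With fault_mask == 0 this is a normal CRT signer."""
    sp = pow(m, DP, P) ^ fault_mask
    sq = pow(m, DQ, Q)
    h = (QINV * (sp - sq)) % P          # Garner's recombination step
    return sq + h * Q


def sign_checked(m: int, fault_mask: int = 0) -> int:
    """Point (b) from the message: verify the CRT result with the public key
    before releasing it, so a faulty signature never leaves the signer."""
    s = sign_crt(m, fault_mask)
    if pow(s, E, N) != m:
        raise RuntimeError("CRT signature failed self-check; not released")
    return s


def rejects_fault(m: int, fault_mask: int) -> bool:
    """True if the checked signer refuses to emit a signature under this fault."""
    try:
        sign_checked(m, fault_mask)
    except RuntimeError:
        return True
    return False


def factor_from_faulty_signature(n: int, e: int, m: int, s_bad: int) -> int:
    """Attacker side, Lenstra's observation: one faulty signature plus the
    message suffices. s_bad is still correct mod the unfaulted prime, so
    s_bad^e - m is divisible by that prime and not by the other one."""
    f = gcd((pow(s_bad, e, n) - m) % n, n)
    if f in (1, n):
        raise ValueError("signature does not show a single-branch fault")
    return f


def factor_from_signature_pair(n: int, s_good: int, s_bad: int) -> int:
    """Two-signature variant: a correct and a faulty signature of the same
    message agree mod one prime only, so their difference reveals it."""
    f = gcd((s_good - s_bad) % n, n)
    if f in (1, n):
        raise ValueError("signature pair does not leak a factor")
    return f


if __name__ == "__main__":
    m = encode(b"constructed message")
    s_good = sign_crt(m)
    s_bad = sign_crt(m, fault_mask=1)   # one bit flipped in the mod-P branch
    print("single faulty signature recovers Q:",
          factor_from_faulty_signature(N, E, m, s_bad) == Q)
    print("signature pair recovers Q:",
          factor_from_signature_pair(N, s_good, s_bad) == Q)
    print("checked signer refuses to release the faulty signature:",
          rejects_fault(m, fault_mask=1))
```

The mod-Q half of the faulty signature is untouched, so `s_bad^E - m` is a multiple of Q but not of P, and a single gcd hands the attacker the private key. The fault itself is assumed (the signer has to be the kind of implementation point (a) describes); the defence costs one public-key exponentiation per signature, which is why libraries that keep the CRT optimisation add exactly this check.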