[Ach] Is PFS broken?

Hanno Böck hanno at hboeck.de
Tue Jun 14 07:26:29 CEST 2016

On Mon, 13 Jun 2016 21:46:19 +0200
Manuel Kraus <ach at lsd.is> wrote:

> http://shorty.is/pfsvuln
> We'll see...

This sounds pretty much like the attack from Lenstra against RSA CRT

Florian Weimer did some research against practically vulnerable
implementations last year:

While I'm certainly interested to learn more about these results one
should be clear what this is:
a) it requires an implementation which occasionally creates faulty
results (due to hw failures, software bugs etc.)
b) it can be entirely prevented by checking the result of a CRT
optimization (or by not using it in the first place).

And it has only to do with PFS in the sense that it affects RSA

Hanno Böck

mail/jabber: hanno at hboeck.de
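The two points above (a faulty CRT result leaks a factor of the modulus, and verifying the result before releasing it closes the hole) in working form. This is an added illustration, not code from the mail or from any of the implementations discussed; it uses a constructed toy RSA key with two small hard-coded primes, treats a plain integer as the (padded, hashed) message, and simulates a hardware or software fault by corrupting the mod-p half of the CRT computation. The attack half is Lenstra's variant: only the message and one faulty signature are needed, no correct signature of the same message.

```python
import math

# Constructed toy RSA key: two small primes so the script runs instantly
# and offline. Real keys use 1024-bit+ primes; the math is identical.
P = 1000000007
Q = 998244353
E = 65537
N = P * Q
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # private exponent (pow(x, -1, m) needs Python 3.8+)

# CRT precomputation as a typical RSA implementation stores it
DP = D % (P - 1)             # d mod (p-1)
DQ = D % (Q - 1)             # d mod (q-1)
QINV = pow(Q, -1, P)         # q^-1 mod p


def sign_crt(m, fault_in_p=False):
    """RSA-CRT signature of integer m (assumed to be the padded hash).

    fault_in_p=True simulates a glitch in the mod-p half: this is the
    kind of 'occasional faulty result' the attack depends on.
    """
    s_p = pow(m, DP, P)
    s_q = pow(m, DQ, Q)
    if fault_in_p:
        s_p = (s_p + 1) % P  # constructed fault: any corruption of s_p works
    # Garner recombination: s = s_q + q * ((s_p - s_q) * qinv mod p)
    h = (QINV * (s_p - s_q)) % P
    return s_q + h * Q


def sign_crt_checked(m, fault_in_p=False):
    """Same as sign_crt, but verifies the result with the public key
    before returning it. A faulty signature never leaves this function,
    which is the countermeasure from point b) above."""
    s = sign_crt(m, fault_in_p)
    if pow(s, E, N) != m % N:
        raise ValueError("CRT result failed verification; refusing to emit it")
    return s


def lenstra_recover_factor(m, sig):
    """Lenstra's observation: if sig is correct mod q but wrong mod p,
    then sig^e - m is divisible by q and not by p, so gcd with N yields q.
    Returns the recovered factor, or None if the signature was sound."""
    g = math.gcd((pow(sig, E, N) - m) % N, N)
    return g if 1 < g < N else None


if __name__ == "__main__":
    m = 123456789  # stands in for the padded hash of the message
    good = sign_crt(m)
    bad = sign_crt(m, fault_in_p=True)
    print("sound signature leaks:", lenstra_recover_factor(m, good))
    print("faulty signature leaks factor:", lenstra_recover_factor(m, bad))
    print("recovered == Q:", lenstra_recover_factor(m, bad) == Q)
    try:
        sign_crt_checked(m, fault_in_p=True)
    except ValueError as err:
        print("checked signer refused:", err)
```

Note why the recovery is deterministic here rather than merely probable: with gcd(e, p-1) = 1 the only e-th root of unity mod p is 1, so a corrupted s_p can never satisfy s_p^e ≡ m (mod p) while the untouched s_q still satisfies it mod q. The verification step costs one public-key exponentiation, which is cheap next to the CRT signing itself; the protection is independent of whether the fault came from hardware, a software bug, or an attacker, which is why it answers the concern in the thread regardless of the cause.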