[Ach] some thoughts on POODLE, BERserk etc.
ianG
iang at iang.org
Tue Nov 4 22:47:55 CET 2014
On 4/11/2014 20:28 pm, Hanno Böck wrote:
> Hi,
>
> I thought the readers of this list might be interested, I did a quite
> extensive writeup of what I think are the lessons from the last two SSL
> security issues POODLE and BERserk:
> https://blog.hboeck.de/archives/858-Dancing-protocols,-POODLEs-and-other-tales-from-TLS.html
Nice article!!
I use e=3, is it fundamentally broken? Or just in cahoots with pkcs 1.5?
(I was warned off 1.5, and what I do is a blinding phase then the RSA
phase, rather than OAEP or pkcs 2. Homebrew crypto so fun but scary.)
iang