Deutsch | English

[Ach] some thoughts on POODLE, BERserk etc.

Hanno Böck hanno at hboeck.de
Tue Nov 4 23:01:47 CET 2014


Am Tue, 04 Nov 2014 21:47:55 +0000
schrieb ianG <iang at iang.org>:

> Nice article!!
> 
> I use e=3, is it fundamentally broken?  Or just in cohoots with pkcs
> 1.5?

Basically I think the only practical attack on it is related to a
combination of pkcs #1 1.5, e=3 and a broken implementation.
(there's another attack against "plain" rsa that relies on small
exponents - but plain rsa is a no-go in so many ways this doesn't
really count)

However it feels to me that it's generally to be considered a risky
choice.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20141104/f19cb6bd/attachment.sig>


More information about the Ach mailing list
Kontakt
Email: reports@cert.at
Tel.: +43 1 5056416 78
mehr ...
Warnungen
mehr ...
Blog
mehr ...
Jahresbericht 2017
Ein Resumee zur digitalen Sicherheitslage in Österreich

(HTML, PDF).
Letzte Änderung: 2018/5/28 - 15:00:00
Haftungsausschluss / Datenschutzerklärung