Why the exponent 3 error happened:
Ben Laurie
ben at algroup.co.uk
Sat Sep 16 05:07:14 EDT 2006
James A. Donald wrote:
> --
> James A. Donald wrote:
>>> Code is going wrong because ASN.1 can contain
>>> complicated malicious information to cause code to go
>>> wrong. If we do not have that information, or simply
>>> ignore it, no problem.
>
> Ben Laurie wrote:
>> This is incorrect. The simple form of the attack is
>> exactly as described above - implementations ignore
>> extraneous data after the hash. This extraneous data
>> is _not_ part of the ASN.1 data.
>
> But it is only extraneous because ASN.1 *says* it is
> extraneous.
>
> If you ignore the ASN.1 stuff, treat it as just
> arbitrary padding, you will not get this problem. You
> will look at the rightmost part of the data, the low
> order part of the data, for the hash, and lo, the hash
> will be wrong!
If you ignore the ASN.1 stuff then you won't know what hash to calculate.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list