A note on vendor reaction speed to the e=3 problem
Taral
taralx at gmail.com
Fri Sep 15 22:04:48 EDT 2006
On 9/15/06, David Shaw <dshaw at jabberwocky.com> wrote:
> GPG was not vulnerable, so no fix was issued. Incidentally, GPG does
> not attempt to parse the PKCS/ASN.1 data at all. Instead, it
> generates a new structure during signature verification and compares
> it to the original.
*That* is the Right Way To Do It. If there are variable parts (like
hash OID, perhaps), parse them out, then regenerate the signature data
and compare it byte-for-byte with the decrypted signature. Anything
you don't understand/control that might be variable (e.g. options) is
eliminated by this process.
I don't think there's anything inherently wrong with ASN.1 DER in
crypto applications.
--
Taral <taralx at gmail.com>
"You can't prove anything."
-- Gödel's Incompetence Theorem
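The regenerate-and-compare check described above, as an added Python example that is neither GnuPG's code nor anything posted in the thread. It assumes the RSA public-key operation has already produced the encoded message `em`, uses SHA-256 as the hash, and places a lenient parse-as-you-go verifier next to the strict one so the difference in what each accepts is visible on constructed input.

```python
import hashlib
import hmac

# Added example, not GnuPG's code or anything posted in the thread. It assumes
# the RSA public-key operation (s^e mod n, then I2OSP) has already produced
# `em`, the k-byte "decrypted signature"; only the padding check is shown.

# DigestInfo prefix for SHA-256 from RFC 8017 section 9.2, note 1.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """Return the single valid EMSA-PKCS1-v1_5 encoding of `message`."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def verify_em_strict(em: bytes, message: bytes) -> bool:
    """Regenerate-and-compare: accept only the one byte-exact encoding."""
    try:
        expected = emsa_pkcs1_v15_encode(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)

def verify_em_lenient(em: bytes, message: bytes) -> bool:
    """The parsing style the thread argues against: walk the structure,
    accept once the hash matches, never check that nothing follows it."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return em[i + 1:i + 1 + len(t)] == t  # trailing bytes are ignored

def demo() -> tuple:
    """Constructed inputs: a canonical EM and a non-canonical one with
    short padding and trailing filler after the DigestInfo."""
    msg = b"sign me"
    good = emsa_pkcs1_v15_encode(msg, 128)
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    bad = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    bad += b"\x00" * (128 - len(bad))
    return (verify_em_strict(good, msg), verify_em_strict(bad, msg),
            verify_em_lenient(bad, msg))
```

The strict verifier rejects the non-canonical encoding outright, while the lenient one accepts it because it never looks at the bytes after the hash.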
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com