Why the exponent 3 error happened:

James A. Donald jamesd at echeque.com
Fri Sep 15 22:30:52 EDT 2006


     --
James A. Donald wrote:
 >> Code is going wrong because ASN.1 can contain
 >> complicated malicious information to cause code to go
 >> wrong.  If we do not have that information, or simply
 >> ignore it, no problem.

Ben Laurie wrote:
 > This is incorrect. The simple form of the attack is
 > exactly as described above - implementations ignore
 > extraneous data after the hash. This extraneous data
 > is _not_ part of the ASN.1 data.

But it is only extraneous because ASN.1 *says* it is
extraneous.

If you ignore the ASN.1 stuff, treat it as just
arbitrary padding, you will not get this problem.  You
will look at the rightmost part of the data, the low
order part of the data, for the hash, and lo, the hash
will be wrong!


     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      UXewrm6/A/3rklAbGfwShB29YFqjqqWLa3AU+htK
      4Xf+hOFyYI4Pv0jWjzDC226z/LHorwYhZlhfNvl2z
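
The exchange above turns on where a verifier looks for the hash inside the decoded signature block. As an added example (not code from either poster or from any library), the Python below runs three checks over two constructed blocks; the 1024-bit block size, the use of SHA-1 and all function names are assumptions.

```python
import hashlib
import hmac

# DER DigestInfo header for SHA-1, as fixed by PKCS #1 v1.5
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
K = 128  # block length in bytes for a 1024-bit modulus (assumed size)

def expected_block(msg: bytes, k: int = K) -> bytes:
    """The single well-formed block: 00 01 FF..FF 00 || DigestInfo || hash."""
    t = SHA1_PREFIX + hashlib.sha1(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def lenient_check(block: bytes, msg: bytes) -> bool:
    """Flawed left-to-right parse: stops at the hash, never looks past it."""
    if block[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(block) and block[i] == 0xFF:
        i += 1
    if block[i:i + 1] != b"\x00":
        return False
    i += 1
    if block[i:i + len(SHA1_PREFIX)] != SHA1_PREFIX:
        return False
    i += len(SHA1_PREFIX)
    return block[i:i + 20] == hashlib.sha1(msg).digest()

def rightmost_check(block: bytes, msg: bytes) -> bool:
    """The position test from the message: hash must be the low-order bytes."""
    return block[-20:] == hashlib.sha1(msg).digest()

def strict_check(block: bytes, msg: bytes) -> bool:
    """Rebuild the expected block and compare every byte."""
    return hmac.compare_digest(block, expected_block(msg, len(block)))

# Constructed sample blocks (already decoded; no RSA arithmetic involved)
MSG = b"constructed sample message"
GOOD = expected_block(MSG)
_t = SHA1_PREFIX + hashlib.sha1(MSG).digest()
_head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + _t
TRAILING = _head + b"\xaa" * (K - len(_head))  # extra bytes after the hash

if __name__ == "__main__":
    for name, blk in (("good", GOOD), ("trailing", TRAILING)):
        print(name, lenient_check(blk, MSG), rightmost_check(blk, MSG),
              strict_check(blk, MSG))
```

Only the left-to-right parse accepts the block that carries bytes after the hash. Comparing the whole block also covers the padding, which the position test alone does not examine.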

---------------------------------------------------------------------
The Cryptography Mailing List