A note on vendor reaction speed to the e=3 problem
James A. Donald
jamesd at echeque.com
Sat Sep 16 22:15:47 EDT 2006
--
On 9/15/06, David Shaw <dshaw at jabberwocky.com> wrote:
>> GPG was not vulnerable, so no fix was issued.
>> Incidentally, GPG does not attempt to parse the
>> PKCS/ASN.1 data at all. Instead, it generates a new
>> structure during signature verification and compares
>> it to the original.
Taral wrote:
> *That* is the Right Way To Do It. If there are
> variable parts (like hash OID, perhaps), parse them
> out, then regenerate the signature data and compare it
> byte-for-byte with the decrypted signature. Anything
> you don't understand/control that might be variable
> (e.g. options) is eliminated by this process.
>
> I don't think there's anything inherently wrong with
> ASN.1 DER in crypto applications.
If there are no options, you are not using ASN.1 DER.
You are using some random padding bytes that happen to
be equal to ASN.1 DER.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
mMZpx7gaL6S/5STlYWv0A0ZM+HqCZSD2m0ClWjxL
4UR16e+x3Uv/VW8C0Swxx9XMPtH99PEBNIc6BzpkQ
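[Editor's note, added example. The two verification strategies argued over above, as working code; this is not code from GPG or from anyone in the thread. It builds a small demo RSA key with e=3, signs a message with PKCS#1 v1.5 padding, and then checks the signature two ways: a lenient verifier that walks the padding, matches the DigestInfo and reads the hash but never looks at what follows it (a constructed illustration of the 2006 bug class, not any particular vendor's code; it matches the fixed DER prefix of DigestInfo rather than walking ASN.1 length fields, which is enough to show the point), and a GPG-style verifier that regenerates the whole expected block and compares it byte-for-byte. forge() is the e=3 cube-root forgery that needs no private key: it builds 00 01 FF 00 || DigestInfo || garbage and picks s so that s^3 lands in that range. The key size, hash choice and message are assumptions for the demo.]

```python
"""Added example: PKCS#1 v1.5 with e=3, lenient parser vs. regenerate-and-compare."""
import hashlib
import random

# DER prefix of DigestInfo (AlgorithmIdentifier + OCTET STRING header), as in RFC 3447 sec. 9.2.
DIGEST_INFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29)


def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin; fine for a demo key, not a production key generator."""
    if n < 2 or any(n % p == 0 for p in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_e3_key(bits=1024, seed=3):
    """Deterministic demo RSA key with e=3 (assumed size); p-1 and q-1 must be coprime to 3."""
    rng = random.Random(seed)
    primes = []
    while len(primes) < 2:
        p = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if (p - 1) % 3 != 0 and is_probable_prime(p, rng):
            primes.append(p)
    p, q = primes
    return p * q, pow(3, -1, (p - 1) * (q - 1))  # (n, d); modular inverse needs Python 3.8+


def encode_em(msg, k, halg):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo, exactly k bytes long."""
    t = DIGEST_INFO_PREFIX[halg] + hashlib.new(halg, msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(msg, n, d, halg="sha1"):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(encode_em(msg, k, halg), "big"), d, n)


def verify_lenient(msg, sig, n, halg="sha1"):
    """The bug class: parse padding and DigestInfo, read the hash, ignore trailing bytes."""
    k = (n.bit_length() + 7) // 8
    em = pow(sig, 3, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < k and em[i] == 0xFF:
        i += 1
    if i == k or em[i] != 0x00:
        return False
    body = em[i + 1:]
    prefix, hlen = DIGEST_INFO_PREFIX[halg], hashlib.new(halg).digest_size
    if body[:len(prefix)] != prefix:
        return False
    # body[len(prefix) + hlen:] is never checked; any garbage there is accepted.
    return body[len(prefix):len(prefix) + hlen] == hashlib.new(halg, msg).digest()


def verify_strict(msg, sig, n, halg="sha1"):
    """GPG-style: regenerate the expected block from the known hash algorithm and compare all of it."""
    k = (n.bit_length() + 7) // 8
    return pow(sig, 3, n).to_bytes(k, "big") == encode_em(msg, k, halg)


def icbrt_ceil(x):
    """Smallest integer s with s**3 >= x (Newton to the floor, then fix up)."""
    s = 1 << ((x.bit_length() + 2) // 3)
    while True:
        t = (2 * s + x // (s * s)) // 3
        if t >= s:
            break
        s = t
    while s ** 3 < x:
        s += 1
    while (s - 1) ** 3 >= x:
        s -= 1
    return s


def forge(msg, n, halg="sha1"):
    """e=3 forgery without the private key: 00 01 FF 00 || DigestInfo || garbage must be a cube below n."""
    k = (n.bit_length() + 7) // 8
    head = b"\x00\x01\xff\x00" + DIGEST_INFO_PREFIX[halg] + hashlib.new(halg, msg).digest()
    garbage_bits = 8 * (k - len(head))
    low = int.from_bytes(head, "big") << garbage_bits
    s = icbrt_ceil(low)
    assert s ** 3 < low + (1 << garbage_bits) < n, "not enough garbage room for a cube"
    return s


if __name__ == "__main__":
    n, d = gen_e3_key()
    msg = b"constructed demo message"
    real, fake = sign(msg, n, d), forge(msg, n)
    print("real sig: lenient", verify_lenient(msg, real, n), "strict", verify_strict(msg, real, n))
    print("forged  : lenient", verify_lenient(msg, fake, n), "strict", verify_strict(msg, fake, n))
```

The forgery works whenever the bytes after the DigestInfo make up more than about two thirds of the modulus length, which a 1024-bit key with SHA-1 just satisfies; the strict check rejects it for the reason Taral gives: there is nothing to parse, so there is nothing for trailing bytes to hide behind.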
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com