A note on vendor reaction speed to the e=3 problem
Jack Lloyd
lloyd at randombit.net
Mon Sep 18 11:27:23 EDT 2006
On Fri, Sep 15, 2006 at 09:48:16AM -0400, David Shaw wrote:
> GPG was not vulnerable, so no fix was issued. Incidentally, GPG does
> not attempt to parse the PKCS/ASN.1 data at all. Instead, it
> generates a new structure during signature verification and compares
> it to the original.
Botan does the same thing for (deterministic) encodings - mostly
because I wrote a decoder for PKCS#1 v1.5, realized it probably had
bugs I wouldn't figure out until too late, and this way the worst
thing that can happen is a valid signature is rejected due to having
some unexpected but legal encoding. Default deny and all that.
Anyway, it's a lot easier to write that way - my PSS verification code
is probably around twice the length of the PSS generation code, due to
the need to check every stupid little thing.
-Jack
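As an added example (this is not GPG's or Botan's code), here is the simplest form of the e=3 forgery the thread refers to, run against the two verifier styles being discussed: a parser that walks the decoded block and stops checking once it has found the hash, and the "re-encode the expected block and compare the whole thing" approach David and Jack describe. The key generation, the message and the helper names are all constructed for the demo; the forgery variant shown is the trailing-garbage one (garbage after the DigestInfo), which needs a modulus large enough that a plain integer cube root leaves the DigestInfo bytes intact, and the 2048-bit key used here is assumed to satisfy that.

```python
"""Added demo: PKCS#1 v1.5 signature checking, lenient parse vs re-encode-and-compare,
against the e=3 cube-root forgery. Not code from GPG or Botan; everything here is
constructed for illustration and the key is generated fresh on each run."""
import hashlib
import hmac
import secrets

E = 3  # the public exponent the 2006 attack targets
SMALL_PRIMES = [p for p in range(3, 2000, 2)
                if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]
# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def is_probable_prime(n, rounds=20):
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 4:
        return n in (2, 3)
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        # e = 3 needs gcd(3, p - 1) == 1, i.e. p must not be 1 mod 3
        if p % 3 != 1 and is_probable_prime(p):
            return p

def gen_key(bits=2048):
    """Demo RSA key with e = 3; returns (n, d)."""
    p, q = gen_prime(bits // 2), gen_prime(bits // 2)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def byte_len(n):
    return (n.bit_length() + 7) // 8

def emsa_pkcs1_v15_encode(msg, k):
    """The one deterministic encoding: 00 01 FF..FF 00 DigestInfo."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(msg, n, d):
    k = byte_len(n)
    return pow(int.from_bytes(emsa_pkcs1_v15_encode(msg, k), "big"), d, n).to_bytes(k, "big")

def decode_block(sig, n):
    return pow(int.from_bytes(sig, "big"), E, n).to_bytes(byte_len(n), "big")

def verify_lenient(msg, sig, n):
    """Parse-then-check verifier with the classic bug: it finds the DigestInfo after the
    00 01 FF.. 00 header and checks the hash, but never checks that the DigestInfo
    reaches the end of the block, so trailing bytes are silently ignored."""
    em = decode_block(sig, n)
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xff:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        return False
    body = em[i + 1:]
    plen = len(SHA256_DIGESTINFO_PREFIX)
    return (body[:plen] == SHA256_DIGESTINFO_PREFIX
            and body[plen:plen + 32] == hashlib.sha256(msg).digest())

def verify_reencode(msg, sig, n):
    """The GPG/Botan style: no parser at all. Re-encode what the block must be and
    compare it whole; any deviation, legal or not, is a rejection."""
    em = decode_block(sig, n)
    return hmac.compare_digest(em, emsa_pkcs1_v15_encode(msg, byte_len(n)))

def icbrt(x):
    """Floor of the integer cube root, by Newton's method from an over-estimate."""
    r = 1 << ((x.bit_length() + 2) // 3)
    while True:
        nr = (2 * r + x // (r * r)) // 3
        if nr >= r:
            return r
        r = nr

def forge_e3(msg, n):
    """Forge a signature under (n, 3) with no private key: build the block the lenient
    verifier wants, pad the rest with 0xFF, and take the largest cube at or below it.
    The cube differs from the target only in the low bytes, all inside the garbage."""
    k = byte_len(n)
    head = (b"\x00\x01" + b"\xff" * 8 + b"\x00"
            + SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest())
    target = int.from_bytes(head + b"\xff" * (k - len(head)), "big")
    return icbrt(target).to_bytes(k, "big")

def demo():
    n, d = gen_key(2048)
    msg = b"constructed message: transfer 1000 to mallory"  # constructed sample input
    good, forged = sign(msg, n, d), forge_e3(msg, n)
    return {"lenient_accepts_genuine": verify_lenient(msg, good, n),
            "reencode_accepts_genuine": verify_reencode(msg, good, n),
            "lenient_accepts_forged": verify_lenient(msg, forged, n),
            "reencode_accepts_forged": verify_reencode(msg, forged, n)}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Running it shows the genuine signature passing both verifiers, the forged one passing only the lenient parser. The point Jack makes about the re-encoding approach is visible in `verify_reencode`: there is nothing to parse, so there is nothing to get wrong, and the only failure mode is rejecting an odd-but-legal encoding, which PKCS#1 v1.5 signatures do not have anyway since the encoding is fixed. The 2048-bit key size matters for the forgery, not for the verifiers; with a smaller modulus the cube root would disturb the DigestInfo bytes and a different placement of the garbage would be needed.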
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com