[Cryptography] BitCoin bug reported
James A. Donald
jamesd at echeque.com
Sun Feb 16 18:03:37 EST 2014
On 2014-02-16 23:18, Theodore Ts'o wrote:
> I will note that the question of multiple encodings is a very old
> problem, and we've seen it with x.509 certificates, and with Kerberos
> tickets, and many others. It's one of the reasons why I am not very
> fond of complex encoding schemes, such as ASN.1, when used in complex
> cryptographic protocols. Yes, such protocols are extensible, which is
> wonderful from a protocol author's point of view. From the point of
> view of an attacker looking for mistakes engendered by all that
> complexity, it is even more wonderful....
Surely unaligned ASN.1 CANONICAL-PER is fine, for the things that will
be parsed are defined at compile time, limiting run time complexity.
One cannot send a structure that the recipient has not been compiled to
understand.
More information about the cryptography
mailing list