[Cryptography] Langsec & authentication
Salz, Rich
rsalz at akamai.com
Tue May 27 10:17:59 EDT 2014
> ASN.1 DER contains a Turing machine in which the attacker can execute code that you never imagined.
If you are writing a generic ASN1 parser, well then, *MAYBE.* But I remain skeptical. But if you are writing a specific application that is parsing specific data structures, then no way. See, for example, Kerberos implementations and the original UMich LDAP code.
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rsalz at jabber.me; Twitter: RichSalz