On Mon, 13 Jun 2016 21:46:19 +0200 Manuel Kraus <[email protected]> wrote:

> http://shorty.is/pfsvuln
>
> We'll see...
This sounds pretty much like the attack from Lenstra against RSA CRT optimizations. Florian Weimer did some research against practically vulnerable implementations last year:
https://access.redhat.com/blogs/766093/posts/1976703

While I'm certainly interested to learn more about these results, one should be clear what this is:

a) it requires an implementation which occasionally creates faulty results (due to hw failures, software bugs etc.)

b) it can be entirely prevented by checking the result of a CRT optimization (or by avoiding its use in the first place).

And it has only to do with PFS in the sense that it affects RSA signatures.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: [email protected]
GPG: BBB51E42
_______________________________________________
Ach mailing list
[email protected]
http://lists.cert.at/cgi-bin/mailman/listinfo/ach
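The two points made above (a faulty RSA-CRT result leaks a prime factor of N, and verifying the result before releasing it prevents that), as an added Python example that is not part of the mailing-list thread; the toy key, the message and the simulated single-bit fault are all constructed here:

```python
from math import gcd

# Constructed toy RSA key (not a real key): small primes keep the demo readable.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)              # modular inverse, Python 3.8+
DP, DQ = D % (P - 1), D % (Q - 1)
QINV = pow(Q, -1, P)             # q^-1 mod p for Garner recombination

def sign_crt(m, fault=False):
    """RSA-CRT signature of integer m (no padding, toy only).
    fault=True simulates a glitch in the mod-p half, the kind of
    occasional faulty result a buggy or hardware-troubled signer emits."""
    sp = pow(m, DP, P)
    if fault:
        sp ^= 1                  # constructed fault: one bit flipped in sp
    sq = pow(m, DQ, Q)
    h = (QINV * (sp - sq)) % P
    return sq + h * Q            # s = sq + q * ((sp - sq) * qinv mod p)

def sign_checked(m, fault=False):
    """Mitigation (b): verify s^e == m mod N before the signature leaves
    the signer. A faulty CRT half fails this check and is never released."""
    s = sign_crt(m, fault)
    if pow(s, E, N) != m % N:
        raise ValueError("CRT result failed verification; signature withheld")
    return s

def factor_from_faulty_signature(m, s_bad):
    """Lenstra's observation: if only the mod-p half is wrong, s^e - m is
    still divisible by q but not by p, so gcd(s^e - m, N) = q.
    Returns the recovered factor, or None if s_bad is not such a signature."""
    f = gcd((pow(s_bad, E, N) - m) % N, N)
    return f if 1 < f < N else None

def fault_is_caught(m):
    """True if the release-time check blocks the faulty signature."""
    try:
        sign_checked(m, fault=True)
    except ValueError:
        return True
    return False
```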
