James A. Donald wrote:
>     --
> James A. Donald wrote:
>>> Code is going wrong because ASN.1 can contain
>>> complicated malicious information to cause code to go
>>> wrong. If we do not have that information, or simply
>>> ignore it, no problem.
>
> Ben Laurie wrote:
>> This is incorrect. The simple form of the attack is
>> exactly as described above - implementations ignore
>> extraneous data after the hash. This extraneous data
>> is _not_ part of the ASN.1 data.
>
> But it is only extraneous because ASN.1 *says* it is
> extraneous.
>
> If you ignore the ASN.1 stuff, treat it as just
> arbitrary padding, you will not get this problem. You
> will look at the rightmost part of the data, the low
> order part of the data, for the hash, and lo, the hash
> will be wrong!

If you ignore the ASN.1 stuff then you won't know what hash to calculate.

--
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
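
Added example, not part of the original message or of any implementation discussed in the thread: a parser that ignores extraneous data after the hash, next to a check that rebuilds the whole expected block and compares it byte for byte. It assumes SHA-1, a 128-byte block, and input that is the block already recovered by the RSA public-key operation; all function names are hypothetical and the sample blocks are constructed.

```python
import hashlib
import hmac

# DER DigestInfo header for SHA-1 (RFC 8017, section 9.2, note 1).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def encode_em(msg: bytes, k: int) -> bytes:
    """Build the k-byte block 00 01 FF..FF 00 DigestInfo(SHA-1(msg))."""
    t = SHA1_PREFIX + hashlib.sha1(msg).digest()
    if k < len(t) + 11:
        raise ValueError("block too short for this encoding")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def lax_check(em: bytes, msg: bytes) -> bool:
    """Flawed: parses left to right and stops after the hash."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i == 2 or i >= len(em) or em[i] != 0x00:
        return False
    i += 1
    if em[i:i + len(SHA1_PREFIX)] != SHA1_PREFIX:
        return False
    i += len(SHA1_PREFIX)
    # Bug: nothing checks that i + 20 == len(em), so trailing bytes pass.
    return em[i:i + 20] == hashlib.sha1(msg).digest()

def strict_check(em: bytes, msg: bytes) -> bool:
    """Hardened: rebuild the one valid block and compare every byte."""
    try:
        expected = encode_em(msg, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)

def block_with_trailing_bytes(msg: bytes, k: int) -> bytes:
    """Constructed test input: short padding, then filler after the hash."""
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + SHA1_PREFIX + hashlib.sha1(msg).digest()
    return head + b"\xaa" * (k - len(head))

if __name__ == "__main__":
    m = b"constructed sample message"
    for name, em in (("well-formed", encode_em(m, 128)),
                     ("trailing bytes", block_with_trailing_bytes(m, 128))):
        print(name, "lax:", lax_check(em, m), "strict:", strict_check(em, m))
```

In strict_check the verifier fixes the hash algorithm by its own policy and never reads it from the block, so no field inside the signature decides how the block is interpreted.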