From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html
"Here's the postage stamp version: due to a perfect storm of (subtle, but not novel) cryptographic flaws, an attacker can extract sensitive keys from several popular cryptographic token devices. This is obviously not good, and it may have big implications for people who depend on tokens for their day-to-day security. [...] The more specific (and important) lesson for cryptographic implementers is: if you're using PKCS#1v1.5 padding for RSA encryption, cut it out. Really. This is the last warning you're going to get." Direct link to the paper: http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf - Efficient Padding Oracle Attacks on Cryptographic Hardware by Bardou, Focardi, Kawamoto, Simionato, Steel and Tsay -- Noon Silk Fancy a quantum lunch? https://sites.google.com/site/quantumlunch/ "Every morning when I wake up, I experience an exquisite joy — the joy of being this signature." _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
