Thierry Moreau <thierry.mor...@connotech.com> writes:
>The Bleichenbacher attack adaptation to OAEP is non-existent today and would
>be an even more significant academic result. I must assume that
>Bleichenbacher would have published results in this direction if his research
>would have given those.
Bleichenbacher didn't, but Manger did more than a decade ago:
However, the design of RSAES-OAEP makes it highly likely that
implementations will leak information between the decryption and integrity
check operations making them susceptible to a chosen ciphertext attack that
requires many orders of magnitude less effort than similar attacks against
PKCS #1 v1.5 block type 2 padding.
-- "A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding
(OAEP) as Standardized in PKCS #1 v2.0"
Peter.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
