On 27 January 2013 21:34, Patrick Mylund Nielsen wrote:
> I don't understand how you can accidentally check in ~/.ssh to your
> repository, or at least not notice afterwards. Hopefully the OpenSSL authors
> won't do that!
If you keep ~ in a git repo it is surprisingly easy ;)
--
Eitan Adler
I don't understand how you can accidentally check in ~/.ssh to your
repository, or at least not notice afterwards. Hopefully the OpenSSL
authors won't do that!
On Sun, Jan 27, 2013 at 9:29 PM, wrote:
>
> offtopic to list purpose, but perhaps timely to this thread
>
>
> http://www.webmonkey.com/
offtopic to list purpose, but perhaps timely to this thread
http://www.webmonkey.com/2013/01/users-scramble-as-github-search-exposes-passwords-security-details/
--dan
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net
Ryan Sleevi writes:
>Did you just suggest that the timing channels in PKCS#1 v1.5 are easier to
>get right than the timing channels of OAEP?
Yup.
>The same PKCS#1 v1.5 encryption that's confounding people a decade [1] after
>the original attacks [2]?
You're confusing two things, an implementa
On 13-01-26 08:53 PM, Peter Gutmann wrote:
> ianG writes:
>
>> Could OAEP be considered reasonable for signatures?
>
> You need to define "appropriate". For example if you mean "interoperable"
> then OAEP isn't even appropriate for encryption, let alone signatures. If
> you're worried about t
James Muir wrote:
> PSS is similar to OAEP, but is for signatures. If you have OAEP
> implemented, then it wouldn't take you long to do PSS, which is
> described in the PKCS-1v2.1 document.
This is the answer I suspected in reading the original post question.
Hacking OAEP into a signature scheme
The RSA private key timing attack is much more likely than on padding
because the cost is so much higher. Bleichenbacher-like adaptive attacks
are not so much timing as error code attacks (app is too chatty about
whether padding was well formed after decryption), so that's a separate issue.
For RS
On 27/01/13 04:53 AM, Peter Gutmann wrote:
> ianG writes:
>> Could OAEP be considered reasonable for signatures?
> You need to define "appropriate". For example if you mean "interoperable"
> then OAEP isn't even appropriate for encryption, let alone signatures.
Oh, interoperable is not an issue.