Daniel Bleichenbachers Padding Oracle Attack optimized  
26.6.12, 15:59 - Dies und Das
Ever thought of using a small USB RSA Credential for logging in your secure areas?
bad idea
Romain Bardou, Riccardo Focardi, Yusuke Kawamoto, Lorenzo Simionato, Graham Steel, Joe-Kai Tsay describe fast a way to hack the secret key out of many of those little devices. The security issue was discovered by Daniel Bleichenbacher in 98 (=known for a long time), but never fixed. The new discoveries speed up the attack, so a key can be hacked in 13 minutes [source]

as always in the history of cryptography, it's just a bad implementation of a good idea (called RSA-PKCS#1v1.5 ).

To get a detailed (understandable) description, read M. Greens blog
http://blog.cryptographyengineering.com ... aphic.html



Kommentar hinzufügen