Date: Tue, 05 Sep 2006 09:08:10 -0700 From: Colin Percival <cperciva@freebsd.org> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-security@freebsd.org Subject: Re: http://www.openssl.org/news/secadv_20060905.txt Message-ID: <44FDA0EA.5050409@freebsd.org> In-Reply-To: <7.0.1.0.0.20060905105253.149db9a8@sentex.net> References: <7.0.1.0.0.20060905105253.149db9a8@sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Tancsa wrote: > Does anyone know the practicality of this attack ? i.e. is this trivial > to do ? I'm as surprised by this as you are -- usually I get advance warning about upcoming OpenSSL issues via vendor-sec -- but on first glance it looks like this attack is indeed trivial. Also, it looks like the attack isn't limited to keys with a public exponent of 3; unless I misunderstand the bug, it affects small exponents generally. An exponent of 17 on a 4096-bit key is almost certainly vulnerable; beyond that I would need to read the ASN code to confirm. Keys with a public exponent of 65537 are absolutely not vulnerable to this attack. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44FDA0EA.5050409>