[cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

Noon Silk noonslists at gmail.com
Sat Jun 30 23:11:49 EDT 2012

From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html

"Here's the postage stamp version: due to a perfect storm of (subtle,
but not novel) cryptographic flaws, an attacker can extract sensitive
keys from several popular cryptographic token devices. This is
obviously not good, and it may have big implications for people who
depend on tokens for their day-to-day security. [...] The more
specific (and important) lesson for cryptographic implementers is: if
you're using PKCS#1v1.5 padding for RSA encryption, cut it out.
Really. This is the last warning you're going to get."

Direct link to the paper:
http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf - Efficient
Padding Oracle Attacks on Cryptographic Hardware by Bardou, Focardi,
Kawamoto, Simionato, Steel and Tsay

Noon Silk

Fancy a quantum lunch? https://sites.google.com/site/quantumlunch/

"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."

More information about the cryptography mailing list