This Post Brought to You By The Number 3, and The Letters and S and L
There’s a fascinating discussion of the intersection of cryptanalysis, specification and flexibility, all of it stemming from yet another SSL attack by Bleichenbacher [link to http://www.bell-labs.com/user/bleichen/ no longer works]. The best posts are over at Matasano [link to http://www.matasano.com/log/ no longer works] :
- Many RSA Signatures May Be Forgeable In OpenSSL and Elsewhere [http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/ ]
- Mozilla Falls to RSA Forgery Attack [ http://www.matasano.com/log/499/mozilla-falls-to-rsa-forgery-attack/ ]
- RSA Signature Forgery Explained (with Nate Lawson) – Part I [ http://www.matasano.com/log/486/rsa-signature-forgery-explained-with-nate-lawson-part-i/ ], Part II [ http://www.matasano.com/log/487/rsa-signature-forgery-explained-with-nate-lawson-part-ii/ ], and Part III [ http://www.matasano.com/log/489/rsa-signature-forgery-explained-with-nate-lawson-part-iii/ ].
- Halvar Flake and Nate Lawson on Alternative Padding Schemes [ http://www.matasano.com/log/495/halvar-flake-and-nate-lawson-on-alternative-padding-schemes/ ]
Tom claimed on Thursday that they’d have part 4 up “tonight.” I guess winter nights are long in Illinois.
Bliechenbacher link is dead.
I before E except after BL.
Link here
http://www.bell-labs.com/user/bleichen/
Fixed those, thanks!
PS: “L” is 66% similar to “C” in shape, and so the rule applies 33% of the time. 😉