Latest revision | Your text | ||
Line 78: | Line 78: | ||
== Attacks == |
== Attacks == |
||
Multiple attacks were discovered against PKCS #1 v1.5 |
Multiple attacks were discovered against PKCS #1 v1.5. The padding scheme is vulnerable to well-known [[padding oracle attack]]s.<ref name="Coron">{{cite book|author=Jean-Sébastien Coron, Marc Joye, [[David Naccache]], and Pascal Paillier|title=Advances in Cryptology — EUROCRYPT 2000 |volume=1807|publisher=[[EUROCRYPT]]|year=2000|pages=369–381|url=https://www.iacr.org/archive/eurocrypt2000/1807/18070374-new.pdf|doi=10.1007/3-540-45539-6|isbn=978-3-540-67517-4|series=Lecture Notes in Computer Science|s2cid=8447520}}</ref><ref name="Bard12"/> |
||
In 1998, [[Daniel Bleichenbacher]] published a seminal paper on what became known as [[Adaptive chosen-ciphertext attack#Practical attacks|Bleichenbacher's attack]] (also known as "million message attack") |
In 1998, [[Daniel Bleichenbacher]] published a seminal paper on what became known as [[Adaptive chosen-ciphertext attack#Practical attacks|Bleichenbacher's attack]] (also known as "million message attack").<ref name="Bard12">{{cite thesis |
||
| url=https://hal.inria.fr/hal-00691958v3 |
| url=https://hal.inria.fr/hal-00691958v3 |
||
| title=Efficient Padding Oracle Attacks on Cryptographic Hardware |
| title=Efficient Padding Oracle Attacks on Cryptographic Hardware |
||
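Review bot: the `<ref name="Coron">` added on the right-hand side of the Line 78 hunk cites the EUROCRYPT 2000 proceedings as a whole (`title=Advances in Cryptology — EUROCRYPT 2000` together with the volume-level `doi=10.1007/3-540-45539-6`) rather than the individual paper on pages 369–381; add a `|chapter=` carrying the paper's own title (and the chapter-level DOI, where available) so a reader can tell which paper is being cited for the padding-oracle claim. The new sentence "The padding scheme is vulnerable to well-known padding oracle attacks" also leaves "the padding scheme" unspecified: the attack described in the following sentence (Bleichenbacher's) targets the v1.5 encryption padding, so say that explicitly, e.g. "The v1.5 encryption padding is vulnerable to well-known padding oracle attacks".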
Line 89: | Line 89: | ||
| page=19| type=report |
| page=19| type=report |
||
}}</ref><ref>{{IETF RFC|3218}} – Preventing the Million Message Attack on Cryptographic Message Syntax</ref> PKCS #1 was subsequently updated in the release 2.0 and patches were issued to users wishing to continue using the old version of the standard.<ref name="Coron"/> However, the vulnerable padding scheme remains in use and has resulted in subsequent attacks: |
}}</ref><ref>{{IETF RFC|3218}} – Preventing the Million Message Attack on Cryptographic Message Syntax</ref> PKCS #1 was subsequently updated in the release 2.0 and patches were issued to users wishing to continue using the old version of the standard.<ref name="Coron"/> However, the vulnerable padding scheme remains in use and has resulted in subsequent attacks: |
||
* Bardou ''et al.'' (2012) find that several models of [[PKCS 11]] tokens still use the v1.5 padding scheme for RSA. They propose an improved version of Bleichenbacher's attack that requires fewer messages. As a result of this improvement, they managed to extract the secret key from several models in under an hour |
* Bardou ''et al.'' (2012) find that several models of [[PKCS 11]] tokens still use the v1.5 padding scheme for RSA and AES-CBC. They propose an improved version of Bleichenbacher's attack that requires fewer messages. As a result of this improvement, they managed to extract the secret key from several models in under an hour.<ref name="Bard12"/><ref>{{cite web |title=A bad couple of years for the cryptographic token industry |url=https://blog.cryptographyengineering.com/2012/06/21/bad-couple-of-years-for-cryptographic/ |website=A Few Thoughts on Cryptographic Engineering |language=en |date=21 June 2012}}</ref> |
||
* Böck ''et al.'' (2018) report that many modern [[HTTPS]] servers are vulnerable to a variation of the attack. TLS 1.2 contains anti-Bleichenbacher countermeasures, but the workarounds are not correctly implemented in many software due to their sheer complexity.<ref>{{Cite web |url = https://robotattack.org |title = ROBOT attack: Return Of Bleichenbacher's Oracle Threat |author=Hanno Böck |author2=Juraj Somorovsky |author3=Craig Young |access-date = February 27, 2018 }}</ref> |
* Böck ''et al.'' (2018) report that many modern [[HTTPS]] servers are vulnerable to a variation of the attack. TLS 1.2 contains anti-Bleichenbacher countermeasures, but the workarounds are not correctly implemented in many software due to their sheer complexity.<ref>{{Cite web |url = https://robotattack.org |title = ROBOT attack: Return Of Bleichenbacher's Oracle Threat |author=Hanno Böck |author2=Juraj Somorovsky |author3=Craig Young |access-date = February 27, 2018 }}</ref> |
||
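Review bot: the wording added on the right-hand side of the Bardou ''et al.'' bullet, "use the v1.5 padding scheme for RSA and AES-CBC", reads as if PKCS #1 v1.5 padding were applied to AES-CBC, which it is not; the cited work covers two different padding oracles, Bleichenbacher's against RSA PKCS #1 v1.5 and a CBC-mode padding oracle against AES. Either drop "and AES-CBC" (this article is about PKCS #1) or reword, e.g. "still use the v1.5 padding scheme for RSA (and a similarly vulnerable padding for AES-CBC)". Two grammar points in the unchanged context of this hunk: "updated in the release 2.0" should read "updated in release 2.0", and "not correctly implemented in many software" should read "in much software" or "in many implementations". Finally, the `{{cite thesis` opened in the previous hunk is closed here with `type=report`; if the HAL document is a research report rather than a thesis, `{{cite report}}` is the matching template.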