[FIX] Crypto changes

from preamble:
"Change Set: Crypto changes
Date: 23 November 2006
Author: Timothy J. Miller
Changed e to 65537."!

_______________________________________________
Cryptography mailing list
Cryptography@...
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Re: RE: [FIX] Crypto changes

On 11/24/06, Ron Teitelbaum <Ron@...> wrote:
> We still need to review our validation of e=3 signatures. Did you have a
> look at that? Is there any way that reading ASN.1 would stop and leave more
> data past the hash without throwing an error?

I think I'm missing something here. PKCS#1 signatures require digesting, encoding, encrypting, and then conversion to bit-string. The encoding step takes the hash and wraps it in the following ASN.1:

    DigestInfo ::= SEQUENCE {
        digestAlgorithm DigestAlgorithmIdentifier,
        digest Digest }

    DigestAlgorithmIdentifier ::= AlgorithmIdentifier

    Digest ::= OCTET STRING

I'm looking at RSAKey>>v15SignMessageHash: and RSAKey>>v15VerifySignature:ofMessageHash and the encoding step is being skipped.

Or am I misusing RSAKey? Or do I have an old version? (I'm still figuring out this whole Squeak packaging mess.)

In re: the question, it looks to me like validation is not currently vulnerable to the attack because RSAKey>>v15VerifySignature:ofMessageHash: isn't doing any ASN.1 decoding to attack! :)

-- Tim

RE: RE: [FIX] Crypto changes

No, I don't think you are missing anything. I still haven't had time to check the code. The real question is, after determining the hash, if there is data left over it should error out. Thanks for looking at it. I'll take a look too.

Ron

> -----Original Message-----
> From: Cerebus
> Sent: Friday, November 24, 2006 3:10 PM
>
> On 11/24/06, Ron Teitelbaum <Ron@...> wrote:
> > We still need to review our validation of e=3 signatures. Did you have a
> > look at that? Is there any way that reading ASN.1 would stop and leave more
> > data past the hash without throwing an error?
>
> I think I'm missing something here. PKCS#1 signatures require
> digesting, encoding, encrypting, and then conversion to bit-string.
> The encoding step takes the hash and wraps it in the following ASN.1:
>
> DigestInfo ::= SEQUENCE {
>     digestAlgorithm DigestAlgorithmIdentifier,
>     digest Digest }
>
> DigestAlgorithmIdentifier ::= AlgorithmIdentifier
>
> Digest ::= OCTET STRING
>
> I'm looking at RSAKey>>v15SignMessageHash: and
> RSAKey>>v15VerifySignature:ofMessageHash and the encoding step is
> being skipped.
>
> Or am I misusing RSAKey? Or do I have an old version? (I'm still
> figuring out this whole Squeak packaging mess.)
>
> In re: the question, it looks to me like validation is not currently
> vulnerable to the attack because
> RSAKey>>v15VerifySignature:ofMessageHash: isn't doing any ASN.1
> decoding to attack! :)
>
> -- Tim
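The encoding step Tim describes and the leftover-data check Ron asks for, as an added example in Python; this is not the Squeak Cryptography package's code, and the function names, the fixed EM length and the test message are assumptions made for the example. The verifier rebuilds the whole encoded block from the message and compares it byte for byte (RFC 3447 section 8.2.2), which is what makes trailing bytes after the DigestInfo fail instead of being ignored.

```python
import hashlib
import hmac

# Constructed DER OID bodies for the two digests (RFC 3447, section 9.2 note 1)
OIDS = {"sha1": bytes.fromhex("2b0e03021a"),
        "sha256": bytes.fromhex("608648016503040201")}

def der_tlv(tag, body):
    """Minimal DER tag-length-value encoder; enough for DigestInfo sizes."""
    n = len(body)
    if n < 128:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def digest_info(hash_name, digest):
    """DigestInfo ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING digest }"""
    alg_id = der_tlv(0x30, der_tlv(0x06, OIDS[hash_name]) + der_tlv(0x05, b""))
    return der_tlv(0x30, alg_id + der_tlv(0x04, digest))

def emsa_pkcs1_v15_encode(hash_name, message, em_len):
    """EM = 0x00 || 0x01 || PS (at least 8 bytes of 0xff) || 0x00 || T"""
    t = digest_info(hash_name, hashlib.new(hash_name, message).digest())
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def leftover_after_digest_info(em):
    """Number of bytes after the DigestInfo SEQUENCE; a valid EM has zero."""
    if em[:2] != b"\x00\x01":
        raise ValueError("bad EM header")
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        raise ValueError("bad padding string")
    t = em[i + 1:]
    if len(t) < 2 or t[0] != 0x30 or t[1] >= 0x80:
        raise ValueError("DigestInfo is not a short-form SEQUENCE")
    return len(t) - (2 + t[1])

def verify_em(em, hash_name, message):
    """RFC 3447 8.2.2: rebuild EM' and compare the whole block in constant time."""
    try:
        if leftover_after_digest_info(em) != 0:
            return False
    except ValueError:
        return False
    expected = emsa_pkcs1_v15_encode(hash_name, message, len(em))
    return hmac.compare_digest(em, expected)
```

An EM with a short padding string and zero bytes after the DigestInfo is exactly the case a parse-and-stop verifier would accept; leftover_after_digest_info reports those bytes and verify_em rejects it.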

Re: RE: RE: [FIX] Crypto changes

On 11/24/06, Ron Teitelbaum <Ron@...> wrote:
> No I don't think you are missing anything, I still haven't had time to check
> the code. The real question is after determining the hash if there is data
> left over it should error out. Thanks for looking at it I'll take a look
> too.

If I'm not missing anything, then doesn't this mean that the implementation is incorrect?

-- Tim

RE: RE: RE: [FIX] Crypto changes

HEHEEH! Reminds me of the old joke: "Just because you are paranoid doesn't mean somebody isn't following you!"

I'm not sure. I still need to look. It's very easy to throw your own ASN.1 code. A few bits here and a few bits there and it's all wrapped up nicely. Instead of guessing, let me have a look and see. I'll try to get to it next week. I have a big meeting coming up and I'm really short on time.

Sorry,
Ron Teitelbaum

> -----Original Message-----
> From: cryptography-bounces@...
> [mailto:cryptography-bounces@...] On Behalf Of Cerebus
> Sent: Friday, November 24, 2006 5:40 PM
> To: Ron@...; Cryptography Team Development List
> Subject: Re: RE: RE: [Cryptography Team] [FIX] Crypto changes
>
> On 11/24/06, Ron Teitelbaum <Ron@...> wrote:
> > No I don't think you are missing anything, I still haven't had time to
> > check the code. The real question is after determining the hash if there is
> > data left over it should error out. Thanks for looking at it I'll take a
> > look too.
>
> If I'm not missing anything, then doesn't this mean that the
> implementation is incorrect?
>
> -- Tim