• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>European PKI(Public Key Infrastructure) Workshop: Theory and Practice(EuroPKI 2007); 20070628-30; Palma de Mallorca(ES) >A New Variant for an Attack Against RSA Signature Verification Using Parameter Field
【24h】

A New Variant for an Attack Against RSA Signature Verification Using Parameter Field

机译:使用参数字段对RSA签名验证进行攻击的新变种

获取原文
获取原文并翻译 | 示例
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

We present a method to create a forged signature which will be verified to a syntactically well-formed ASN.1 datum, when certificate authorities use small RSA public exponents such as 3. Our attack is related to the technique which Daniel Bleichenbacher reported recently, but our forged signature is well-formed ASN.1 datum, unlike Bleichen-bacher's original attack: thus our new attack is still applicable to certain implementations even if these are immune to the Bleichenbacher's attack. We have also analyzed the parameters which enable our attack and Bleichenbacher's, and found that both attacks are possible with the combination of existing public keys of widely-trusted certificate authorities and existing real-world implementations. We have already reported the vulnerability to developers of both GNUTLS and Mozilla NSS to fix their implementations.
机译:我们提出了一种创建伪造签名的方法,当证书颁发机构使用较小的RSA公共指数(例如3)时,该伪造签名将被验证为语法正确的ASN.1数据。我们的攻击与Daniel Bleichenbacher最近报告的技术有关,但我们的伪造签名是格式正确的ASN.1数据,这与Bleichen-bacher的原始攻击不同:因此,即使某些实现不受Bleichenbacher的攻击,我们的新攻击仍然适用于某些实现。我们还分析了启用我们的攻击和Bleichenbacher攻击的参数,并发现结合使用广受信任的证书颁发机构的现有公钥和现有的实际实现,两种攻击都是可能的。我们已经向GNUTLS和Mozilla NSS的开发人员报告了该漏洞,以修复其实现。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号