Changes between Version 10 and Version 11 of Ticket #1296, comment 23


Timestamp: 11/11/21 07:51:06 (2 years ago)
Author: kwinz
  • Ticket #1296, comment 23

    v10 v11  
    3939"There is a class of attacks against PKCS1v1.5 due to Bleichenbacher, but it's due to implementations of signature verification that don't verify everything they should. [...] major implementations of PKCS1v1.5 have been safe for ages. [...] The encryption scheme is extremely difficult to implement" [3]
    4040
    41 So while it's not modern crypto, that was designed for conservative implementations, if properly mitigated for oracle attacks such as in TLS1.2 with `openssl` then RSA-PKCSV1_5 padding is secure. At least that's how I understood it.
     41So while it's not modern crypto, that was conservatively designed to stay safe even if the implementation is bad, if properly mitigated for oracle attacks such as in TLS1.2 with `openssl` then RSA-PKCSV1_5 padding is secure. At least that's how I understood it.
    4242
    4343[1] https://bugs.chromium.org/p/chromium/issues/detail?id=924230