Changes between Version 10 and Version 11 of Ticket #1296, comment 23
- Timestamp:
- 11/11/21 07:51:06 (2 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #1296, comment 23
v10 v11 39 39 "There is a class of attacks against PKCS1v1.5 due to Bleichenbacher, but it's due to implementations of signature verification that don't verify everything they should. [...] major implementations of PKCS1v1.5 have been safe for ages. [...] The encryption scheme is extremely difficult to implement" [3] 40 40 41 So while it's not modern crypto, that was designed for conservative implementations, if properly mitigated for oracle attacks such as in TLS1.2 with `openssl` then RSA-PKCSV1_5 padding is secure. At least that's how I understood it.41 So while it's not modern crypto, that was conservatively designed to stay safe even if the implementation is bad, if properly mitigated for oracle attacks such as in TLS1.2 with `openssl` then RSA-PKCSV1_5 padding is secure. At least that's how I understood it. 42 42 43 43 [1] https://bugs.chromium.org/p/chromium/issues/detail?id=924230