Changes between Version 8 and Version 9 of Ticket #1296, comment 23


Timestamp: 11/11/21 07:19:00 (2 years ago)
Author: kwinz

Diff of comment 23, v8 to v9 (unmodified, removed and added text marked):

[unmodified] And TLS1.2 is secure enough for us. And while I wish that Microsoft would update their TPM driver just as ChromeOS did recently[1], as far as I know the padding weakness for RSA with legacy PKCS-v1_5 padding is not exploitable in practice. "PSS has a security proof and is more robust in theory than PKCSV1_5. Nevertheless PKCSV1_5 has no known security weaknesses at this time. [...] The older RSAES-PKCS-v1_5 scheme has some known vulnerabilities (easily avoided), and is still widely used."[2]

[removed in v9] "There is a class of attacks against PKCS#1v1.5 due to Bleichenbacher, but it's due to implementations of signature verification that don't verify everything they should. [...] major implementations of PKCS#1v1.5 have been safe for ages. [...] The encryption scheme is extremely difficult to implement" [3]

[added in v9] "There is a class of attacks against PKCS1v1.5 due to Bleichenbacher, but it's due to implementations of signature verification that don't verify everything they should. [...] major implementations of PKCS1v1.5 have been safe for ages. [...] The encryption scheme is extremely difficult to implement" [3]

[unmodified] So while it's not modern crypto, that was designed for conservative implementations, if properly mitigated for oracle attacks such as in TLS1.2 with openssl RSA-PKCSV1_5 padding is secure. At least that's how I understood it.
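The distinction the quoted text draws, a signature verifier that checks the whole PKCS#1 v1.5 encoding against one that stops as soon as it has found the hash, as an added Python example that is not part of the ticket or of any project it discusses. It operates on the already-decrypted signature block (EM, RFC 8017 section 9.2) so no RSA key is needed; the message and the malformed block are constructed for the demonstration.

```python
import hashlib
import hmac

# DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """Build EM = 0x00 || 0x01 || PS || 0x00 || T exactly as RFC 8017 section 9.2."""
    t = SHA256_DIGEST_INFO + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def verify_strict(em: bytes, message: bytes) -> bool:
    """Recompute the full expected encoding and compare every byte of the block."""
    expected = emsa_pkcs1_v15_encode(message, len(em))
    return hmac.compare_digest(em, expected)


def verify_lax(em: bytes, message: bytes) -> bool:
    """Flawed verifier: walks the block left to right and accepts once it finds
    the hash, never checking that the padding filled the whole block.
    This is the verification shortcut the Bleichenbacher 2006 attack relies on."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = SHA256_DIGEST_INFO + hashlib.sha256(message).digest()
    return em[i + 1:i + 1 + len(t)] == t  # bytes after the hash are ignored


# Constructed sample: a 256-byte block, the size a 2048-bit RSA modulus gives
MSG = b"ticket #1296 comment 23"
GOOD_EM = emsa_pkcs1_v15_encode(MSG, 256)


def tampered_em() -> bytes:
    """Constructed malformed block: short padding, then the hash, then filler.
    Only the verifier-side difference is shown here; no signature is forged."""
    t = SHA256_DIGEST_INFO + hashlib.sha256(MSG).digest()
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    return head + b"\x00" * (256 - len(head))
```

The strict verifier accepts only `GOOD_EM`; the lax one also accepts `tampered_em()`, which is exactly the gap a conservative implementation must not leave.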