http://www.openssl.org/news/secadv_20060905.txt

Colin Percival cperciva at freebsd.org
Tue Sep 5 16:09:13 UTC 2006


Mike Tancsa wrote:
> Does anyone know the practicality of this attack? i.e. is this trivial
> to do?

I'm as surprised by this as you are -- usually I get advance warning about
upcoming OpenSSL issues via vendor-sec -- but on first glance it looks like
this attack is indeed trivial.

Also, it looks like the attack isn't limited to keys with a public exponent
of 3; unless I misunderstand the bug, it affects small exponents generally.
An exponent of 17 on a 4096-bit key is almost certainly vulnerable; beyond
that I would need to read the ASN code to confirm.

Keys with a public exponent of 65537 are absolutely not vulnerable to this
attack.

Colin Percival
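
A key-inventory check built on the exponent thresholds stated in the message above, as an added example that is not part of the original post or of OpenSSL. The function names, verdict strings and sample keys are hypothetical or constructed, and every exponent below 65537 is conservatively treated as affected.

```python
# Added example, not from the post; names and verdict strings are hypothetical.
def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                          # long-form length
        nlen = length & 0x7F
        if nlen == 0 or nlen > 4 or pos + nlen > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + nlen], "big")
        pos += nlen
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(der):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one DER SEQUENCE")
    tag_n, n_raw, pos = _read_tlv(body, 0)
    tag_e, e_raw, pos = _read_tlv(body, pos)
    if (tag_n, tag_e) != (0x02, 0x02) or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    return int.from_bytes(n_raw, "big").bit_length(), int.from_bytes(e_raw, "big")

def classify(der):
    """Return (modulus_bits, exponent, verdict) using the post's thresholds."""
    bits, e = parse_rsa_public_key(der)
    if e == 65537:
        verdict = "not vulnerable per the post"
    elif e < 65537:
        verdict = "small exponent: treat as affected"
    else:
        verdict = "not addressed by the post"
    return bits, e, verdict

def _der(tag, value):                          # encoder used only to build samples
    nlen = (len(value).bit_length() + 7) // 8
    hdr = bytes([len(value)]) if len(value) < 0x80 else bytes([0x80 | nlen]) + len(value).to_bytes(nlen, "big")
    return bytes([tag]) + hdr + value

def sample_key(bits, e):
    """Constructed test input: a number of the right size, not a real modulus."""
    ints = [(1 << (bits - 1)) | 1, e]
    return _der(0x30, b"".join(_der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big")) for x in ints))
```
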

