Among others, popular OpenSSL and GnuTLS implementations are vulnerable.
The authors recommend stopping the use of RSA PKCS#1 v1.5 and switching to Elliptic curve Diffie-Hellman.
They suspect that any cryptographic library built on a general-purpose big-integer implementation (the default mode of OpenSSL's BIGNUM, Java's BigInteger, Python's int, Rust's apin...) is vulnerable.
What can the attackers gain?
- The attacker is able to decrypt RSA ciphertexts and forge signatures.
- For a TLS server that defaults to RSA encryption key exchanges, that means the attacker can record a session and decrypt it later.