This Post Brought to You By The Number 3, and The Letters and S and L
There’s a fascinating discussion of the intersection of cryptanalysis, specification and flexibility, all of it stemming from yet another SSL attack by Bleichenbacher. The best posts are over at Matasano:
- Many RSA Signatures May Be Forgeable In OpenSSL and Elsewhere
- Mozilla Falls to RSA Forgery Attack
- RSA Signature Forgery Explained (with Nate Lawson) – Part I, Part II, and Part III.
- Halvar Flake and Nate Lawson on Alternative Padding Schemes
Tom claimed on Thursday that they’d have part 4 up “tonight.” I guess winter nights are long in Illinois.