Shostack + Friends Blog Archive

This Post Brought to You By The Number 3, and The Letters and S and L

There’s a fascinating discussion of the intersection of cryptanalysis, specification and flexibility, all of it stemming from yet another SSL attack by Bleichenbacher. The best posts are over at Matasano:

Many RSA Signatures May Be Forgeable In OpenSSL and Elsewhere
Mozilla Falls to RSA Forgery Attack
RSA Signature Forgery Explained (with Nate Lawson) – Part I, Part II, and Part III.
Halvar Flake and Nate Lawson on Alternative Padding Schemes

Tom claimed on Thursday that they’d have part 4 up “tonight.” I guess winter nights are long in Illinois.

Originally published by adam on 17 Sep 2006
Last modified on 17 Sep 2006
Categories: information security Uncategorized

3 comments on "This Post Brought to You By The Number 3, and The Letters and S and L"

Anonymous says:

18 Sep 2006 at 2:30 am

Bliechenbacher link is dead.
Anonymous says:

18 Sep 2006 at 7:13 am

I before E except after BL.
Link here
http://www.bell-labs.com/user/bleichen/
Adam says:

18 Sep 2006 at 10:55 am

Fixed those, thanks!
PS: “L” is 66% similar to “C” in shape, and so the rule applies 33% of the time. 😉

Comments are closed.