Hello anybody, When reading about the patch against Klíma-Pokorný-Rosa attack, I have got the impression that the patch, OpenSsl provides by hiding the Bad PKCS#1 version and bad ssl version oracles thwart both the Klíma-Pokorný-Rosa attack and the original Bleichenbacher attack they extended. Therefore it seems to me that RSA blinding becomes obsolete. Is there any other kind of attack against OpenSsl, RSA blinding was intended to thwart? Thanks a lot for hints. André
André Ziermann, senior solution engineer Fon +49.6151.82897-21 Fax +49.6151.82897-26 www.secude.com mailto:[EMAIL PROTECTED] SECUDE IT Security GmbH Dolivostrasse 11, 64293 Darmstadt, Germany Rautistraße 75, 8048 Zürich, Switzerland CEO: Dr. Heiner Kromer; COO: Bernd Kircher ----------------------- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
