Re: OpenSSL-0.9.6a has security fixes

From: Dan Riley (dsrat_private)
Date: Thu Apr 26 2001 - 08:06:28 PDT


    Ariel Waissbein <core.lists.bugtraq@CORE-SDI.COM> writes:
    > There seems to be a typo in the following post. It is RSA and not DSA.
    > The source, OpenSSL's webpage, has the same typo. Refer to
    > http://www.securityfocus.com/bid/2344
    > (or http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm).
    [...]
    > Jim Knoble wrote:
    > > This doesn't seem to have been announced here: OpenSSL-0.9.6a appears
    > [snip]
    > >   - Security fix: prevent Bleichenbacher's DSA attack.
    >
    > it should be Bleichenbacher's RSA attack and not DSA
    
    Bleichenbacher did find a theoretical (but not very practical to
    exploit) bias in the DSA recommended method of selecting k [1],
    and that bias is fixed in OpenSSL-0.9.6a:
    
      *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
         Bleichenbacher's DSA attack.
    
    [1] http://www.infoworld.com/articles/hn/xml/01/02/05/010205hndsa.xml
        http://www.mail-archive.com/coderpunksat_private/msg04228.html
    --
    Dan Riley                                         dsrat_private
    Wilson Lab, Cornell University      <URL:http://www.lns.cornell.edu/~dsr/>
        "History teaches us that days like this are best spent in bed"
    



    This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 10:49:27 PDT
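
Added example, not part of the original message and not OpenSSL code: a toy illustration of the kind of bias in choosing k discussed above, where a fixed-width random value is reduced modulo q, next to rejection sampling, a standard way to draw uniformly from a range. The 8-bit source, the modulus 200 and all function names are constructed for illustration; BN_rand_range() itself is not called.

```c
#include <stdio.h>

#define RAW_SPACE 256u  /* every value of a constructed 8-bit random source */
#define TOY_Q     200u  /* constructed toy modulus standing in for DSA's q */

/* Biased selection: reduce the fixed-width raw value modulo q. */
static unsigned k_reduce(unsigned raw) { return raw % TOY_Q; }

/* Unbiased selection: accept raw only if already below q, else redraw. */
static int k_reject(unsigned raw, unsigned *k) {
    if (raw >= TOY_Q) return 0;   /* caller must draw a fresh value */
    *k = raw;
    return 1;
}

/* Difference between the most and least frequent k in a histogram. */
static unsigned spread(const unsigned *hist) {
    unsigned lo = hist[0], hi = hist[0];
    for (unsigned i = 1; i < TOY_Q; i++) {
        if (hist[i] < lo) lo = hist[i];
        if (hist[i] > hi) hi = hist[i];
    }
    return hi - lo;
}

/* Feed each raw value exactly once, i.e. a perfectly uniform source. */
unsigned spread_reduction(void) {
    unsigned hist[TOY_Q] = {0};
    for (unsigned raw = 0; raw < RAW_SPACE; raw++) hist[k_reduce(raw)]++;
    return spread(hist);
}

unsigned spread_rejection(void) {
    unsigned hist[TOY_Q] = {0}, k = 0;
    for (unsigned raw = 0; raw < RAW_SPACE; raw++)
        if (k_reject(raw, &k)) hist[k]++;
    return spread(hist);
}

/* Number of k values that reduction makes twice as likely as the rest. */
unsigned overweighted_k(void) {
    unsigned hist[TOY_Q] = {0}, n = 0;
    for (unsigned raw = 0; raw < RAW_SPACE; raw++) hist[k_reduce(raw)]++;
    for (unsigned i = 0; i < TOY_Q; i++) if (hist[i] == 2) n++;
    return n;
}

int main(void) {
    printf("reduction spread=%u (overweighted k: %u), rejection spread=%u\n",
           spread_reduction(), overweighted_k(), spread_rejection());
    return 0;
}
```

Even with a perfectly uniform source, reduction leaves the lowest RAW_SPACE - TOY_Q values of k twice as likely as the rest, while rejection keeps every k equally likely at the cost of occasional redraws.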