In message <3AE70975.F9B60B6F@core-sdi.com>, Ariel Waissbein writes: >There seems to be an typo in the following post. It is RSA and not DSA. >The source, OpenSSL's webpage, has the same typo. Refer to >http://www.securityfocus.com/bid/2344 >(or http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm). > >Daniel Bleichenbacher's webpage at Bell is >http://www.bell-labs.com/user/bleichen/bib.html Hmm -- Bleichenbacher has found a flaw in DSA, too; see http://www.lucent.com/press/0201/010205.bla.html. Last time I spoke with him, the full technical paper was not yet available; it's supposed to be presented next month at EUROCRYPT. But I have no idea if OpenSSL has actually fixed that problem... --Steve Bellovin, http://www.research.att.com/~smb
This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 22:23:27 PDT