Date: Tue, 05 Sep 2006 09:08:10 -0700
From: Colin Percival
To: Mike Tancsa
Cc: freebsd-security@freebsd.org
Subject: Re: http://www.openssl.org/news/secadv_20060905.txt

Mike Tancsa wrote:
> Does anyone know the practicality of this attack ? i.e. is this trivial
> to do ?

I'm as surprised by this as you are -- usually I get advance warning about
upcoming OpenSSL issues via vendor-sec -- but on first glance it looks like
this attack is indeed trivial.

Also, it looks like the attack isn't limited to keys with a public exponent
of 3; unless I misunderstand the bug, it affects small exponents generally.
An exponent of 17 on a 4096-bit key is almost certainly vulnerable; beyond
that I would need to read the ASN code to confirm. Keys with a public
exponent of 65537 are absolutely not vulnerable to this attack.

Colin Percival