The jwcrypto implementation of the RSA1_5 algorithm is vulnerable to the Million Message Attack described in RFC 3128.
A timing attack can be leveraged against the implementation to detect when a chosen ciphertext generates a valid header and padding, because an invalid header/padding generates a code exception and cryptographic operations are terminated earlier, resulting in measurably faster processing over the network.
Many thanks to Dennis Detering dennis.detering@rub.de for discovering and reporting this vulnerability.
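The side channel described above comes from the shape of the PKCS#1 v1.5 unpadding code: an early exception on a bad header or padding string makes the failure path shorter than the success path. The following is an added example, not jwcrypto's own code, contrasting an unpadding routine with that early-exit shape against one that scans the whole block, never raises on padding errors and substitutes a random content-encryption key on failure, so that the later AES authentication step fails identically whether the padding or the ciphertext was wrong. It assumes a 2048-bit modulus (k = 256 bytes), a 32-byte CEK, and that the raw RSA private-key operation has already produced the byte string `em`; `pkcs1_v15_pad` only builds constructed test input.

```python
import os
import secrets

# PKCS#1 v1.5 encryption block: EM = 0x00 || 0x02 || PS || 0x00 || M,
# where PS is at least 8 nonzero bytes. In this example `em` is assumed to be
# the k-byte output of the RSA private-key operation (RSA step omitted).

def pkcs1_v15_pad(message: bytes, k: int) -> bytes:
    """Build a valid encryption block for testing (constructed input only)."""
    ps_len = k - len(message) - 3
    if ps_len < 8:
        raise ValueError("message too long for modulus")
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + message


def unpad_vulnerable(em: bytes, cek_len: int) -> bytes:
    """Early-exit shape: each failure returns sooner than the success path,
    and the exception itself tells the caller which check failed."""
    if em[0] != 0 or em[1] != 2:
        raise ValueError("bad header")
    sep = em.find(b"\x00", 2)
    if sep < 0:
        raise ValueError("no separator")
    if sep - 2 < 8:
        raise ValueError("padding too short")
    key = em[sep + 1:]
    if len(key) != cek_len:
        raise ValueError("bad key length")
    return key


def unpad_hardened(em: bytes, cek_len: int) -> bytes:
    """No early exit and no padding exception: every byte is examined and a
    random key of the expected length is returned when anything is wrong.
    (CPython is not constant-time; the point is the uniform control flow
    and the uniform result seen by the caller and the network.)"""
    k = len(em)
    bad = 1 if (em[0] != 0 or em[1] != 2) else 0
    found = 0      # 1 once the first 0x00 separator has been seen
    sep = 0        # index of that separator
    for i in range(2, k):
        z = 1 if em[i] == 0 else 0
        take = z & (1 - found)            # only the first zero byte counts
        sep = sep * (1 - take) + i * take
        found |= z
    bad |= 1 - found                      # no separator at all
    bad |= 1 if sep - 2 < 8 else 0        # PS shorter than 8 bytes
    bad |= 1 if k - sep - 1 != cek_len else 0  # wrong key length
    candidate = em[k - cek_len:]          # fixed-length tail, sliced unconditionally
    random_key = os.urandom(cek_len)      # assumption: caller proceeds to AEAD decrypt
    return random_key if bad else candidate


if __name__ == "__main__":
    cek = bytes([0x4B]) * 32
    em = pkcs1_v15_pad(cek, 256)
    assert unpad_hardened(em, 32) == cek
    tampered = b"\x01" + em[1:]           # constructed: corrupt the leading 0x00
    print("hardened output on tampered block has length",
          len(unpad_hardened(tampered, 32)))
```

With the hardened routine the caller always receives a 32-byte key and goes on to the AES-GCM (or HMAC) step, which rejects the message for a wrong key exactly as it would for a wrong tag; the decrypting side therefore performs the same sequence of operations on every ciphertext and gives the sender no distinguishable error.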