Vulnerability in bigfile.py #13
There is a security vulnerability in decrypt/encrypt_bigfile(infile, outfile, pub_key). Depending on the way decrypt_bigfile() is called, it may be possible to do a Bleichenbacher attack.
First note that:
We'll force decrypt_bigfile() to implement a perfect Bleichenbacher oracle. The infile (a message) is broken into blocks, and each block is independently encrypted using RSA. That means that an attacker can reorder blocks within a message and still create a valid message. Also the attacker can construct a new message by mixing blocks from other captured messages.
If the PKCS#1 1.5 padding of the first block is incorrect, then the function decrypt_bigfile() will fail fast. If the padding is correct then the remaining blocks will be checked and that will take additional externally measurable time.
I found a way to implement this attack and break the Bitmessage protocol (Bitmessage.org) which uses decrypt_bigfile(). See http://bitslog.wordpress.com/
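
A stdlib model of the two properties described above (blocks accepted in any order, and rejection work that depends on which block is malformed), next to a variant that verifies one tag over the whole message before touching any block. This is an added example, not code from the issue or from the library: the truncated-HMAC block check stands in for per-block RSA PKCS#1 v1.5 unpadding, the shared MAC key is an assumption, and all function names and sample data are constructed.

```python
import hashlib
import hmac
BLOCK_KEY = b"constructed-block-key"  # stand-in secret for the per-block check
MAC_KEY = b"constructed-mac-key"      # assumed shared key for the whole-message tag

def seal_block(chunk: bytes) -> bytes:
    """Stand-in for one independently encrypted block: chunk plus 8-byte check."""
    return chunk + hmac.new(BLOCK_KEY, chunk, hashlib.sha256).digest()[:8]

def open_block(block: bytes) -> bytes:
    """Stand-in for per-block unpadding: raises if the block is malformed."""
    chunk, check = block[:-8], block[-8:]
    expected = hmac.new(BLOCK_KEY, chunk, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(check, expected):
        raise ValueError("bad block")
    return chunk

def naive_decrypt(blocks):
    """Per-block design from the issue: returns (plaintext or None, blocks examined)."""
    out, examined = [], 0
    for block in blocks:
        examined += 1
        try:
            out.append(open_block(block))
        except ValueError:
            return None, examined  # fail fast: work done depends on position
    return b"".join(out), examined

def message_tag(blocks) -> bytes:
    """One tag over the count, order and content of every block."""
    mac = hmac.new(MAC_KEY, len(blocks).to_bytes(4, "big"), hashlib.sha256)
    for block in blocks:
        mac.update(len(block).to_bytes(4, "big") + block)
    return mac.digest()

def hardened_decrypt(blocks, tag):
    """Verify the whole message first; a rejected message touches no block."""
    if not hmac.compare_digest(tag, message_tag(blocks)):
        return None, 0
    return naive_decrypt(blocks)

# Constructed sample data
MSG_A = [seal_block(c) for c in (b"pay ", b"alice ", b"10")]
MSG_B = [seal_block(c) for c in (b"pay ", b"bob ", b"99")]
TAG_A = message_tag(MSG_A)
REORDERED = [MSG_A[1], MSG_A[0], MSG_A[2]]   # same blocks, new order
MIXED = [MSG_A[0], MSG_B[1], MSG_B[2]]       # blocks from two messages
BAD_FIRST = [b"\x00" * 12] + MSG_A[1:]       # malformed first block
BAD_LAST = MSG_A[:2] + [b"\x00" * 12]        # malformed last block
```

In the per-block design the number of blocks examined before rejection differs between BAD_FIRST and BAD_LAST, which is the externally measurable difference the issue describes; with the whole-message tag every altered input is rejected after the same amount of work.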