
[Bug 25431] New: Error names allow RSAES-PKCS1-v1_5 oracle attack against wrapped keys

From: <bugzilla@jessica.w3.org>
Date: Wed, 23 Apr 2014 16:22:33 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25431-7213@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25431

            Bug ID: 25431
           Summary: Error names allow RSAES-PKCS1-v1_5 oracle attack
                    against wrapped keys
           Product: Web Cryptography
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Web Cryptography API Document
          Assignee: sleevi@google.com
          Reporter: kelsey.cairns@inria.fr
                CC: public-webcrypto@w3.org

The attack relies on the fact that the errors returned from unwrapKey are
different when 1) the key is incorrectly padded and 2) the padding is correct
but formatting is wrong. The API currently specifies an OperationError for the
first case and DataError for the second.

Received on Wednesday, 23 April 2014 16:22:34 UTC
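
The distinction described in the report, shown beside a form that collapses it. This is an added example, not code from the bug report or the specification. The function names, the result-object shape, the raw AES key format check, the choice of a single "OperationError" name and the sample blocks are all assumptions made for illustration; the input stands for a block that has already been RSA-decrypted.

```javascript
// EME-PKCS1-v1_5 decoding: 0x00 0x02 <at least 8 nonzero bytes> 0x00 <message>.
// Returns the message bytes, or null when the padding is malformed.
function stripPkcs1v15(block) {
  if (block[0] !== 0x00 || block[1] !== 0x02) return null;
  const sep = block.indexOf(0x00, 2);
  if (sep < 10) return null; // separator missing, or padding shorter than 8 bytes
  return block.slice(sep + 1);
}

// Format check (assumed key format): a raw AES key is 16, 24 or 32 bytes long.
function isRawAesKey(bytes) {
  return [16, 24, 32].includes(bytes.length);
}

// Behaviour the report describes: the error name reveals which check failed.
function unwrapDistinct(block) {
  const msg = stripPkcs1v15(block);
  if (msg === null) return { ok: false, error: "OperationError" }; // bad padding
  if (!isRawAesKey(msg)) return { ok: false, error: "DataError" }; // padding ok, bad format
  return { ok: true, key: msg };
}

// Hardened form: both failures map to one name (the name chosen is an assumption),
// so the caller cannot tell a padding failure from a format failure.
function unwrapUniform(block) {
  const msg = stripPkcs1v15(block);
  const ok = msg !== null && isRawAesKey(msg);
  return ok ? { ok: true, key: msg } : { ok: false, error: "OperationError" };
}

// Constructed sample blocks (64 bytes each), not output of a real decryption.
function makeBlock(padLen, msgLen, firstTwo = [0x00, 0x02]) {
  const b = new Uint8Array(2 + padLen + 1 + msgLen).fill(0xaa);
  b.set(firstTwo, 0);        // leading 0x00 and block type byte
  b[2 + padLen] = 0x00;      // separator after the padding string
  b.fill(0x11, 3 + padLen);  // payload bytes
  return b;
}
const goodBlock = makeBlock(45, 16);                // valid padding, 16-byte key
const badFormat = makeBlock(50, 11);                // valid padding, 11-byte payload
const badPadding = makeBlock(45, 16, [0x00, 0x01]); // wrong block type byte

for (const [name, blk] of [["good", goodBlock], ["badFormat", badFormat], ["badPadding", badPadding]]) {
  console.log(name, unwrapDistinct(blk).error ?? "ok", unwrapUniform(blk).error ?? "ok");
}
```

Collapsing the error names removes only this signal; the two failure paths above still differ in the work they do, so timing has to be handled separately.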
