RSA UnSecureIDs

It seems like a lot of interesting computer security stuff is coming out of the French lately.  First we had Mimikatz, and now this:

RR-7944.pdf (765.37 kb)

I hadn't been interested enough to consider it before, but I do find it mildly surprising that a block cipher was used in such a high-profile implementation.  Although I have been known to use ECB (Electronic Codebook) to obscure really short pieces of text, it's typically a very poor choice for encrypting large blocks of text as it becomes easier to cryptanalyze the more encrypted sample text you have.  CBC seems pretty cool though as it introduces feedback and seems to eliminate all semblances of human-recognizable patterns. Anyhow, I digress as that actually has nothing to do with the sort of padding attacks that are outlined in that document above.  It's a pretty fascinating read.  Between that and Windows Internals my brain feels like it's getting sprayed with a fire hose of knowledge lately.

Comments are closed