Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OpenSSL, OpenSSH ecdsa authentication code inconsistent return values.. no vulnerability?

From: king cope <isowarez.isowarez.isowarez () googlemail com>
Date: Fri, 13 Sep 2013 08:56:34 +0200
Georgi thanks for the pointer, though I guess points that are not on
the curve will be rejected in the case the curve is not user supplied.
If the curve is user supplied the authentication might succeed if this
case is not catched before.
Great work Georgi, always wanted to thank you ;-)

2013/9/13 Georgi Guninski <guninski () guninski com>:

Didn't quite understood the checks, but here is an idea:

If you can make a user supplied point NOT ON THE curve
to be accepted as valid, this might break the other private
key (basically it is working on another curve, leaking info
about the private key).

There is a document describing the exact attack,
if you can do this check for a start:

http://crypto.stackexchange.com/questions/3820/why-do-public-keys-need-to-be-validated


On Fri, Sep 13, 2013 at 08:11:47AM +0200, king cope wrote:

Hello lists,

Attached is the blog post for the mentioned issues that in its shape
are not a vulnerability, still interesting to see.

http://kingcope.wordpress.com/2013/09/13/opensslopenssh-ecdsa-authentication-code-inconsistent-return-values-no-vulnerability/

Cheers,

Kingcope

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: