Daniel Bleichenbacher: Difference between revisions
Anton.bersh (talk | contribs) m Use correct name of SSL (as appears in RFC titles) |
m clean up |
||
| Line 7: | Line 7: | ||
=== BB'98 attack: chosen ciphertext attack against the RSA PKCS#1 encryption standard === |
=== BB'98 attack: chosen ciphertext attack against the RSA PKCS#1 encryption standard === |
||
In 1998, Daniel Bleichenbacher demonstrated a practical attack against systems using RSA encryption in concert with the '''PKCS #1''' encoding function, including a version of the [[Secure Sockets Layer]] (SSL) protocol used by thousands of [[web server]]s at the time.<ref> |
In 1998, Daniel Bleichenbacher demonstrated a practical attack against systems using RSA encryption in concert with the '''PKCS #1''' encoding function, including a version of the [[Secure Sockets Layer]] (SSL) protocol used by thousands of [[web server]]s at the time.<ref>{{Cite journal| first=Daniel| last=Bleichenbacher| title=Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1| journal=Crypto '98| pages=1–12| year=1998| url=http://www.bell-labs.com/user/bleichen/papers/pkcs.ps| format=PS| accessdate=2011-12-07| url-status=dead| archiveurl=https://web.archive.org/web/20120204040056/http://www.bell-labs.com/user/bleichen/papers/pkcs.ps| archivedate=2012-02-04}}</ref> |
||
This attack was the first practical reason to consider [[adaptive chosen-ciphertext attack]]s. |
This attack was the first practical reason to consider [[adaptive chosen-ciphertext attack]]s. |
||
| Line 14: | Line 14: | ||
In 2006 at a rump session at [[CRYPTO]], Bleichenbacher described a "pencil and paper"-simple attack against RSA signature validation as implemented in common cryptographic toolkits. Both [[OpenSSL]] and the NSS security engine in [[Firefox]] were later found to be vulnerable to the attack, which would allow an attacker to forge the [[Transport Layer Security|SSL]] [[Public key certificate|certificates]] that protect sensitive websites.<ref>[https://www.ietf.org/mail-archive/web/openpgp/current/msg00999.html Bleichenbacher's RSA signature forgery based on implementation error]</ref><ref>[https://ieeexplore.ieee.org/document/4159923 Analysis on Bleichenbacher's Forgery Attack]. ''IEEE''. 2007.</ref> |
In 2006 at a rump session at [[CRYPTO]], Bleichenbacher described a "pencil and paper"-simple attack against RSA signature validation as implemented in common cryptographic toolkits. Both [[OpenSSL]] and the NSS security engine in [[Firefox]] were later found to be vulnerable to the attack, which would allow an attacker to forge the [[Transport Layer Security|SSL]] [[Public key certificate|certificates]] that protect sensitive websites.<ref>[https://www.ietf.org/mail-archive/web/openpgp/current/msg00999.html Bleichenbacher's RSA signature forgery based on implementation error]</ref><ref>[https://ieeexplore.ieee.org/document/4159923 Analysis on Bleichenbacher's Forgery Attack]. ''IEEE''. 2007.</ref> |
||
== References == |
== References == |
||
{{Reflist}} |
{{Reflist}} |
||
{{authority control}} |
{{authority control}} |
||
{{DEFAULTSORT:Bleichenbacher, Daniel}} |
{{DEFAULTSORT:Bleichenbacher, Daniel}} |
||
[[Category:Modern cryptographers]] |
[[Category:Modern cryptographers]] |
||
Revision as of 02:52, 28 June 2022
Daniel Bleichenbacher (born 1964) is a Swiss cryptographer, previously a researcher at Bell Labs, and currently employed at Google. He received his Ph.D. from ETH Zurich in 1996 for contributions to computational number theory, particularly concerning message verification in the ElGamal and RSA public-key cryptosystems.[1] His doctoral advisor was Ueli Maurer.
RSA Attacks
Bleichenbacher is particularly notable for devising attacks against the RSA public-key cryptosystem, namely when used with the PKCS#1 v1 standard published by RSA Laboratories. These attacks were able to break both RSA encryption and signatures produced using the PKCS #1 standard.
BB'98 attack: chosen ciphertext attack against the RSA PKCS#1 encryption standard
In 1998, Daniel Bleichenbacher demonstrated a practical attack against systems using RSA encryption in concert with the PKCS #1 encoding function, including a version of the Secure Sockets Layer (SSL) protocol used by thousands of web servers at the time.[2] This attack was the first practical reason to consider adaptive chosen-ciphertext attacks.
BB'06 attack: signature forgery attack against the RSA PKCS#1 signature standard
In 2006 at a rump session at CRYPTO, Bleichenbacher described a "pencil and paper"-simple attack against RSA signature validation as implemented in common cryptographic toolkits. Both OpenSSL and the NSS security engine in Firefox were later found to be vulnerable to the attack, which would allow an attacker to forge the SSL certificates that protect sensitive websites.[3][4]
References
- ^ http://cr.yp.to/bib/1996/bleichenbacher-thesis.ps
- ^ Bleichenbacher, Daniel (1998). "Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1". Crypto '98: 1–12. Archived from the original (PS) on 2012-02-04. Retrieved 2011-12-07.
- ^ Bleichenbacher's RSA signature forgery based on implementation error
- ^ Analysis on Bleichenbacher's Forgery Attack. IEEE. 2007.
| Authority control databases: Academics |
|---|
