lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 02 May 2005 17:56:17 -0700
From: SSC Advisory Notice <>
To: Secure Science Corporation Advisory Notice <>
Subject: Secure Science Corporation Advisory CSA-056

Secure Science Corporation Advisory CSA-056


LibTomCrypt version <=1.02 contained weak signature scheme used
with ECC keys, allowing trivial signature forgeries.


Vulnerability Classification: Cryptography - arbitrary message signing

Discovery Date: May 1, 2005
Vendor Reported Advisory
Discovery Published: May 2, 2005

LibTomCrypt is a fairly comprehensive, modular and portable 
cryptographic toolkit that provides developers with a vast array of well 
known published block ciphers, one-way hash functions, chaining modes, 
pseudo-random number generators, public key cryptography and a plethora 
of other routines. A vulnerability was found by the author within the 
signature scheme used with the Elliptic Curve Cryptosystem routines that 
will allow arbitrary signatures to be created by an attacker.

During recent cryptographic review by the author, a mathematical flaw 
was found within the implementation of the El Gamal signature algorithm 
used in LibTomCrypt versions <=1.02 An attacker can create a valid 
random signature by selecting a random value for a, and then computing 
(a^-1)C (where the inverse is modulo the order of the curve), 
essentially allowing an attacker to sign arbitrary messages without the 
private key.

Affected Vendors:
All vendors using LTC <=1.02 that apply ECC with signatures.

Vendor and Patch Information:
Secure Science Corporation is distributing this advisory on behalf of 
the author. The author has stated that LibTomCrypt 1.03 will be released 
May 7, 2005 with X9.62 ECDSA implemented, a FIPS 180-2 standard.

X9.62 ECDSA implementation.

Secure Science Corporation - Tom St Denis

Secure Science Corporation is not responsible for the misuse of any of 
the information we provide on this website and/or through our security 
advisories. Our advisories are a service to our customers intended to 
promote secure installation and use of Secure Science Corporation products.

Powered by blists - more mailing lists