| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 02 May 2005 17:56:17 -0700 From: SSC Advisory Notice <bugtraq@...urescience.net> To: Secure Science Corporation Advisory Notice <bugtraq@...urityfocus.com> Subject: Secure Science Corporation Advisory CSA-056 Secure Science Corporation Advisory CSA-056 http://www.securescience.net e-response@...urescience.net 877-570-0455 --------------------------------------------------------- LibTomCrypt version <=1.02 contained weak signature scheme used with ECC keys, allowing trivial signature forgeries. --------------------------------------------------------- Vulnerability Classification: Cryptography - arbitrary message signing Discovery Date: May 1, 2005 Vendor Reported Advisory Discovery Published: May 2, 2005 Abstract: --------- LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. A vulnerability was found by the author within the signature scheme used with the Elliptic Curve Cryptosystem routines that will allow arbitrary signatures to be created by an attacker. Description: ------------ During recent cryptographic review by the author, a mathematical flaw was found within the implementation of the El Gamal signature algorithm used in LibTomCrypt versions <=1.02 An attacker can create a valid random signature by selecting a random value for a, and then computing (a^-1)C (where the inverse is modulo the order of the curve), essentially allowing an attacker to sign arbitrary messages without the private key. Affected Vendors: --------------- All vendors using LTC <=1.02 that apply ECC with signatures. Vendor and Patch Information: ----------------------------- Secure Science Corporation is distributing this advisory on behalf of the author. The author has stated that LibTomCrypt 1.03 will be released May 7, 2005 with X9.62 ECDSA implemented, a FIPS 180-2 standard. Solution: --------- X9.62 ECDSA implementation. Credits: -------- Secure Science Corporation - Tom St Denis Disclaimer: ----------- Secure Science Corporation is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Secure Science Corporation products.
Powered by blists - more mailing lists