About a year ago I wrote this tweet and now I can finally justify it
Project Wycheproof (https://t.co/wBz9P8atHs) is the AFL (https://t.co/JM2l557PZi) of #crypto. Thanks a lot @XorNinja and team (notably including Bleichenbacher) for providing such a powerful tool
— Antonio Sanso (@asanso) April 9, 2018

It is more or less when I found the vulnerabilities discussed in this short post.

Introduction

RSA BSAFE is a FIPS 140-2 validated cryptography library offered by RSA Security (now Dell). After almost a year, they have just published an advisory containing fixes for two vulnerabilities I found in their Java ECDSA (CVE-2019-3739) and DSA (CVE-2019-3740) implementations. But here comes the sweet part: I shamelessly did not do too much in order to find them. The credit indeed all goes to Project Wycheproof, which tests crypto libraries against known attacks and is developed and maintained by members of Google Security (notably Daniel Bleichenbacher and Thai Duong).

DSA Information Exposure Through Ti…