Public Key Signature Forgery: Collected
Thomas Ptacek | October 20th, 2006 | Filed Under: Defenses, Uncategorized
Coded properly, the RSA signature on a meaningful web site certificate can’t be forged within the lifespan of the solar system. But, as the Firefox and OpenSSL teams recently discovered, make a single mistake and it can be forged with a pencil and paper, or 3 lines of Python code.
Collected here are a series of posts we did with Nate Lawson, a researcher at Cryptography Research, Inc. We’ve structured them as a white paper in 5 major chapters, covering the background, the attack, why it’s trickier to fix than it seems, and why the same principles can be put to work against other public-key crypto algorithms.
If you’re a developer, you should know how crypto code can fail so you can avoid failures. If you’re a security researcher, you should know what to look for when you come across custom crypto code. If you’re in operations, you should know the implications of advisories about crypto libraries. No matter who you are, you should read part 6, because we think the OpenSSL attack is the tip of the iceberg.

