Ars Technica

PHP: mcrypt, TripleDES encryption, and PKCS5 Padding interop with Java

Hey All,<BR><BR>Well the title kind of says it all. Here's the current situation.<BR><BR>I'm reprogramming an extranet website that was written in Java with PHP. One of the the things this extranet ...
PC World

Researchers Devise Practical Key Recovery Attack Against Smart Cards, Security Tokens

A team of cryptographic researchers claim to have developed an attack method that can be used to recover secret keys in an acceptable time frame from cryptographic devices like smart cards, hardware ...
Threat Post

Padding Oracle Crypto Research Prompts Confusion, Dissenting Opinions on Severity

Few things tend to spark debates and controversy in the security community like a new piece of cryptographic research. The paper by a group of academic researchers on an improvement to a padding ...
Computer Weekly

The exploitation of flaws in the HTTPS protocol

We look at the three main reasons the Bleichenbacher attack is possible: as a direct result of a standardised and popular padding scheme (PKCS#1 v1.5) that is used in conjunction with RSA in TLS; an ...
IT News For Australia Business

RSA tokens 'broken' in 13 minutes

The group are to present a paper on the subject at the Crypto 2012 conference in August in Santa Barbara, California. They also confirmed that the SecurID 800 and other tokens can be broken. The paper ...
IT News For Australia Business

"Marvin" breathes new life into Bleichenbacher's timing oracle attack

An ancient timing oracle attack against RSA encryption has re-emerged, with a Red Hat researcher saying an oracle attack first discovered in 1998 by Daniel Bleichenbacher remains exploitable.