Open Source Is Not Enough. Attacking the EC-package of Bouncycastle version 1.x_132
Authors
Abstract
BouncyCastle is an open source crypto provider written in Java which supplies classes for Elliptic Curve Cryptography (ECC). We have found a flaw in the class ECPoint resulting from an unhappy interaction of elementary algorithms. We show how to exploit this flaw in a real-world attack, e.g., on the encryption scheme ECIES. BouncyCastle has since fixed this flaw (version 1.x 133 and higher), but all older versions remain highly vulnerable to an active attacker, and the attack shows a certain vulnerability of the involved validation algorithms.
Similar resources
Towards reproducible research: From data analysis (in R) to a
Much scientific research makes use of commonly available 'office' software. While numerous more fully-featured open-source alternatives exist, the integration of diverse tools and platforms which their use often entails can be challenging. The mp package for Emacs aims to bring together a number of these elements with the goal of simplifying the process of converting an .R file, as used for dat...
On the Practical Exploitability of Dual EC in TLS Implementations
This paper analyzes the actual cost of attacking TLS implementations that use NIST’s Dual EC pseudorandom number generator, assuming that the attacker generated the constants used in Dual EC. It has been known for several years that an attacker generating these constants and seeing a long enough stretch of Dual EC output bits can predict all future outputs; but TLS does not naturally provide a ...
An enhanced version of SMMP - open-source software package for simulation of proteins
We describe a revised and updated version of the program package SMMP (Simple Molecular Mechanics for Proteins) [F. Eisenmenger, U.H.E. Hansmann, Sh. Hayryan, C.-K. Hu, Comput. Phys. Comm. 138 (2001) 192–212]. SMMP is an open-source FORTRAN package for molecular simulation of proteins within the standard geometry model. It is designed as a simple and inexpensive tool for researchers and student...
To Fork or Not to Fork: Fork Motivations in SourceForge Projects
A project fork occurs when software developers take a copy of source code from one software package and use it to begin an independent development work that is maintained separately. Although forking in open source software does not require the permission of the original authors, the new version competes for the attention of the same developers that have worked on the original version. The moti...
Nano-Optical Device Design with the Use of Open-Source Parallel Version FDTD Software Installed on Texas A&M Supercomputer Eos and Commercial Finite Element Package
In this paper, the implementation of open-source parallel-version FDTD (Finite-Difference-Time-Domain) software, MEEP, on Texas A&M supercomputers and of the commercial finite element package, COMSOL, on a single workstation for the design of a nano-optical device is reported. The computer architecture and performance of both numerical methods on the same design will be briefly described.
Journal title:
- IACR Cryptology ePrint Archive
Volume 2008, issue
Pages -
Publication date 2008