[prev in list] [next in list] [prev in thread] [next in thread]
List: gcrypt-devel
Subject: Re: CMAC + SERPENT/IDEA/RC2 buffer overflow/crash with oversized key
From: Werner Koch via Gcrypt-devel <gcrypt-devel () gnupg ! org>
Date: 2021-04-04 17:15:01
Message-ID: 87eefqc6p6.fsf () wheatstone ! g10code ! de
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Fri, 2 Apr 2021 22:51, Guido Vranken said:
> With that said, exploitation might be possible in specific circumstances.
... and it would be much easier to attack the application than
Libgcrypt. An application which does not take care from where it gets
the key has for sure a lot of other problems.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
["signature.asc" (application/pgp-signature)]
_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic