At 9:11 AM -0800 3/16/04, Jon Callas wrote:
I put in this note in -11 in security considerations about PKCS1
padding:
* PKCS1 has been found to be vulnerable to attacks in which a
system reports that errors in padding differently from errors in
decryption becomes a random oracle that can leak the private key
in mere millions of queries. [...]
I assume that the 2 words "reports that" in the 2nd line should
be switched ("that reports"), otherwise the text does not make
sense to me.
- Wolfgang Redtenbacher
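
The distinction the quoted note describes, sketched as an added example that is not part of the original message or of the draft: one handler reports padding errors differently from other decryption errors, and the other returns a single failure for both. The function names, the error strings and the payload layout (algorithm octet, key, two-octet checksum) are assumptions, the input blocks are constructed, and only the error-reporting channel is addressed, not timing.

```python
import hmac

def parse_eb(eb: bytes):
    """Check an already RSA-decrypted block; returns (padding_ok, checksum_ok)."""
    # PKCS1 v1.5 encryption layout: 00 02 <8 or more nonzero octets> 00 <message>
    sep = eb.find(b"\x00", 2)  # first zero octet after the 00 02 header
    padding_ok = len(eb) >= 11 and eb[:2] == b"\x00\x02" and sep >= 10
    msg = eb[sep + 1:] if padding_ok else b""
    # Assumed message layout: algorithm octet, key, sum of key octets mod 65536
    key, chk = msg[1:-2], msg[-2:]
    checksum_ok = len(msg) >= 4 and hmac.compare_digest(
        (sum(key) & 0xFFFF).to_bytes(2, "big"), chk)
    return padding_ok, checksum_ok

def decrypt_leaky(eb: bytes) -> str:
    """Weak form: the caller can tell a padding failure from a later failure."""
    padding_ok, checksum_ok = parse_eb(eb)
    if not padding_ok:
        return "error: bad PKCS1 padding"
    if not checksum_ok:
        return "error: bad session key checksum"
    return "ok"

def decrypt_uniform(eb: bytes) -> str:
    """Corrected form: every failure produces the same response."""
    padding_ok, checksum_ok = parse_eb(eb)
    if not (padding_ok and checksum_ok):
        return "error: decryption failed"
    return "ok"

def make_eb(key: bytes, alg: int = 7) -> bytes:
    """Build a constructed, well-formed block for the checks below."""
    msg = bytes([alg]) + key + (sum(key) & 0xFFFF).to_bytes(2, "big")
    return b"\x00\x02" + b"\xaa" * 8 + b"\x00" + msg

# Constructed sample blocks (no real key material)
GOOD = make_eb(bytes(range(1, 17)))
BAD_PADDING = b"\x00\x01" + GOOD[2:]                 # wrong block type octet
BAD_CHECKSUM = GOOD[:-1] + bytes([GOOD[-1] ^ 1])     # valid padding, bad payload

def distinct_failures(handler) -> set:
    """Responses a caller sees for the two kinds of malformed block."""
    return {handler(eb) for eb in (BAD_PADDING, BAD_CHECKSUM)}

if __name__ == "__main__":
    print("leaky:  ", sorted(distinct_failures(decrypt_leaky)))
    print("uniform:", sorted(distinct_failures(decrypt_uniform)))
```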