Bleichenbacher Attack
Jump to navigation
Jump to search
Description
Description what this documentation is about
Requirements
There are a couple things which are needed for an effective Bleichenbacher Attack. Basically this attack works with RSA PKCS 1.5 but there is one important requirement: a Bleichenbacher Oracle. Such an oracle is a target system which answers repeated questions concerning the validity of an PKCS paket. To create such an oracle there are basically three ways:
- Plain Envryption: if implementation is without signature, the target system will only check the validity of the PKCS paket and sending an error message if the paket is invalid
- Detailed Error Messages: if encryption and signature is applied, but the target system generates specific eroors regarding the validity of an pkcs paket
- Timing Attack: if encryption and signature is applied in a proper way, you can still check the time between responses to generate a side channel regarding the validity of the paket