AttackFlow Findings Dictionary

Insecure RSA Padding

The attacker needs less effort to deduce patterns from the encrypted text or to completely recover the original plaintext.

Severity: Critical
Fix Cost: High
Trust Level: High

Using the RSA algorithm without a secure padding scheme makes it easier for an attacker to mount a number of attacks on the implementation. This is because RSA is deterministic when no padding scheme is used.

PKCS#1 v1.5 padding mode is used in the code below. In 1998, researchers released a paper on a practical chosen-ciphertext attack against PKCS#1 v1.5 padding used with the RSA algorithm. With this attack it was possible to determine whether a decrypted message is valid or not. As a result, it was possible, for instance, to extract session keys used in SSL v.3 traffic.

                            
// C#: the second argument (fOAEP) is false, which selects PKCS#1 v1.5 padding.
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.Encrypt(plaintext, false);
                 
            

                
// Java: the "PKCS1Padding" transformation selects PKCS#1 v1.5 padding.
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, pubk);
cipher.doFinal(inpBytes);
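
A corrected counterpart to the Java snippet above, added here as an example and not part of the AttackFlow entry: it encrypts with OAEP (SHA-256 for both the hash and MGF1) and contrasts it with unpadded RSA to show the deterministic behaviour described above. The class name, helper names and the sample message are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class RsaPaddingDemo { // hypothetical class name
    static final String OAEP_T = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Pin both the OAEP hash and the MGF1 hash to SHA-256 instead of
    // relying on provider defaults for the MGF1 digest.
    static final OAEPParameterSpec OAEP_SPEC = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    static byte[] encryptOaep(PublicKey pub, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance(OAEP_T);
        c.init(Cipher.ENCRYPT_MODE, pub, OAEP_SPEC);
        return c.doFinal(data);
    }

    static byte[] encryptUnpadded(PublicKey pub, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/NoPadding"); // shown only for contrast
        c.init(Cipher.ENCRYPT_MODE, pub);
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample secret".getBytes(StandardCharsets.UTF_8);
        // Without padding, equal plaintexts give equal ciphertexts.
        boolean rawRepeats = Arrays.equals(
                encryptUnpadded(kp.getPublic(), msg), encryptUnpadded(kp.getPublic(), msg));
        // OAEP mixes in a fresh random seed on every call.
        byte[] c1 = encryptOaep(kp.getPublic(), msg);
        byte[] c2 = encryptOaep(kp.getPublic(), msg);
        boolean oaepRepeats = Arrays.equals(c1, c2);
        // The decrypting side must use the same OAEP parameters.
        Cipher dec = Cipher.getInstance(OAEP_T);
        dec.init(Cipher.DECRYPT_MODE, kp.getPrivate(), OAEP_SPEC);
        boolean roundTrip = Arrays.equals(msg, dec.doFinal(c1));
        System.out.println("unpadded ciphertexts repeat: " + rawRepeats);
        System.out.println("OAEP ciphertexts repeat:     " + oaepRepeats);
        System.out.println("OAEP round trip ok:          " + roundTrip);
    }
}
```

In the C# snippet, passing `true` as the second argument to `rsa.Encrypt` selects OAEP instead of PKCS#1 v1.5.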
                
            

