Subject: Re: [pkcs11] Proposal for recommendation/best practice on protection against Padded Oracle attacks
On 6/26/2013 10:48 AM, Duane, Chris wrote:
Hi Chris -
So to answer Oscar's question - this is for encryption only.
I found an article that suggests that even OAEP is susceptible to side channel attacks against padding.
The more general guidance - and this is in line with NIST's FIPS 140-2 stuff - is that a given RSA key pair should only be used for either signature/verify or encrypt/decrypt and not both; and that it should be used with one and only one padding scheme.
That sounds like a usage guide thing to me rather than putting it into the mandatory enforcement by token category.
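To make the "one key pair, one purpose, one padding scheme" guidance concrete on the usage-guide side (an application or key-ceremony tool checking templates before C_GenerateKeyPair, rather than the token enforcing anything), here is an added example that is not code from the thread, the pkcs11 TC or any token vendor. The attribute and mechanism names mirror PKCS#11 (CKA_ENCRYPT, CKA_SIGN, CKA_ALLOWED_MECHANISMS, CKM_RSA_PKCS_OAEP and so on); the mapping of mechanisms to padding families, the finding codes and the sample templates are this example's own constructed choices.

```python
"""Lint PKCS#11 RSA key templates against the one-purpose, one-padding rule.

Added example for this thread, not code from the pkcs11 TC or a token vendor.
Attribute/mechanism names mirror PKCS#11; the padding classification, the
finding codes and the sample templates below are assumptions of this example.
"""

# Padding scheme implied by each RSA mechanism (classification assumed here).
PADDING_OF = {
    "CKM_RSA_X_509": "raw",
    "CKM_RSA_PKCS": "PKCS#1 v1.5",
    "CKM_SHA1_RSA_PKCS": "PKCS#1 v1.5",
    "CKM_SHA256_RSA_PKCS": "PKCS#1 v1.5",
    "CKM_RSA_PKCS_OAEP": "OAEP",
    "CKM_RSA_PKCS_PSS": "PSS",
    "CKM_SHA256_RSA_PKCS_PSS": "PSS",
}
# Mechanisms that make sense for an encrypt/decrypt key versus a sign/verify key.
ENCRYPT_MECHS = {"CKM_RSA_X_509", "CKM_RSA_PKCS", "CKM_RSA_PKCS_OAEP"}
SIGN_MECHS = set(PADDING_OF) - {"CKM_RSA_PKCS_OAEP"}

ENCRYPT_USAGE = {"CKA_ENCRYPT", "CKA_DECRYPT", "CKA_WRAP", "CKA_UNWRAP"}
SIGN_USAGE = {"CKA_SIGN", "CKA_VERIFY", "CKA_SIGN_RECOVER", "CKA_VERIFY_RECOVER"}


def lint_rsa_template(template):
    """Return a list of 'code: detail' findings; an empty list means the template complies."""
    findings = []
    usage = {attr for attr, value in template.items() if value is True}
    enc, sig = usage & ENCRYPT_USAGE, usage & SIGN_USAGE

    # Rule 1: a key pair is either for encryption or for signature, never both.
    if enc and sig:
        findings.append(f"mixed-usage: {sorted(enc)} and {sorted(sig)} granted on one key")
    elif not enc and not sig:
        findings.append("no-usage: template grants neither encryption nor signature usage")

    # Rule 2: exactly one padding scheme, pinned via CKA_ALLOWED_MECHANISMS.
    mechs = template.get("CKA_ALLOWED_MECHANISMS")
    if mechs is None:
        findings.append("no-mechanism-restriction: CKA_ALLOWED_MECHANISMS unset, "
                        "so any padding scheme may be used with this key")
        return findings

    mechs = set(mechs)
    unknown = mechs - set(PADDING_OF)
    if unknown:
        findings.append(f"unknown-mechanism: {sorted(unknown)}")
    known = mechs - unknown
    paddings = {PADDING_OF[m] for m in known}
    if len(paddings) > 1:
        findings.append(f"multiple-paddings: {sorted(paddings)}")

    # The allowed mechanisms must match the declared purpose.
    allowed = ENCRYPT_MECHS if enc and not sig else SIGN_MECHS if sig and not enc else set()
    wrong = known - allowed if allowed else set()
    if wrong:
        findings.append(f"mechanism-usage-mismatch: {sorted(wrong)} not valid for the declared purpose")

    # PKCS#1 v1.5 decryption is the classic (Bleichenbacher) padding-oracle target.
    if enc and "PKCS#1 v1.5" in paddings:
        findings.append("v15-decrypt: PKCS#1 v1.5 decryption exposes a Bleichenbacher "
                        "padding oracle; use OAEP for this key")
    return findings


# Constructed sample templates (not from any real token).
GOOD_DECRYPT_KEY = {
    "CKA_CLASS": "CKO_PRIVATE_KEY", "CKA_KEY_TYPE": "CKK_RSA",
    "CKA_DECRYPT": True, "CKA_UNWRAP": True, "CKA_SIGN": False,
    "CKA_ALLOWED_MECHANISMS": ["CKM_RSA_PKCS_OAEP"],
}
BAD_SHARED_KEY = {
    "CKA_CLASS": "CKO_PRIVATE_KEY", "CKA_KEY_TYPE": "CKK_RSA",
    "CKA_DECRYPT": True, "CKA_SIGN": True,
    "CKA_ALLOWED_MECHANISMS": ["CKM_RSA_PKCS", "CKM_RSA_PKCS_OAEP", "CKM_SHA256_RSA_PKCS_PSS"],
}
UNRESTRICTED_SIGN_KEY = {"CKA_CLASS": "CKO_PRIVATE_KEY", "CKA_KEY_TYPE": "CKK_RSA", "CKA_SIGN": True}

if __name__ == "__main__":
    for name, tpl in [("good decrypt key", GOOD_DECRYPT_KEY),
                      ("shared sign+decrypt key", BAD_SHARED_KEY),
                      ("unrestricted sign key", UNRESTRICTED_SIGN_KEY)]:
        print(f"{name}: {lint_rsa_template(tpl) or ['ok']}")
```

Pinning CKA_ALLOWED_MECHANISMS at generation time is what turns the recommendation into something a token can hold the application to afterwards; the lint only catches templates that leave the door open before the key exists.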