|
On 6/26/2013 10:48 AM, Duane, Chris
wrote:
Hi Oscar,
The
recommendation to use OAEP (optimal asymmetric encryption
padding), as the name implies, is referring to a padding
scheme for encryption. Essentially the attack in question
is a side channel attack against the padding, and moving to
v2 with OAEP itself is not sufficient unless you also
disable support for 1.5.
Thanks,
-chris
Hi Chris -
So to answer Oscar's question - this is for encryption only.
I found an article that suggests that even OAEP is susceptible to
side channel attacks against padding.
The more general guidance - and this is in line with NIST's FIPS
140-2 stuff - is that a given RSA key pair should only be used for
either signature/verify or encrypt/decrypt and not both; and that it
should be used with one and only one padding scheme.
That sounds like a usage guide thing to me rather than putting it
into the mandatory enforcement by token category.
Later, Mike
|