Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing RSA padding may weaken the encryption #7

Open
douglasheld opened this issue Apr 23, 2016 · 1 comment
Open

Missing RSA padding may weaken the encryption #7

douglasheld opened this issue Apr 23, 2016 · 1 comment

Comments

@douglasheld
Copy link

In BaseCipherSuitePlugin/KeyExchangeAlgorithmRSA.cs, line 78 the RSACryptoProvider is instructed to encrypt without OAEP padding, which may weaken the encryption. Basically the second parameter is "false" instead of "true". Reconsider whether you are using the API correctly in this case.

The same pattern is also seen on line 113.
@SlEventHorizon
Copy link

@douglasheld
As RFC 5246 specifies, RSA must be used with PKCS#1v1.5 padding which is the padding used when setting the parameter to false. OAEP padding will reduce compatibility between other protocol versions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@douglasheld @SlEventHorizon