Ars Technica

PHP: mcrypt, TripleDES encryption, and PKCS5 Padding interop with Java

Hey All,<BR><BR>Well the title kind of says it all. Here's the current situation.<BR><BR>I'm reprogramming an extranet website that was written in Java with PHP. One of the the things this extranet ...
PC World

Researchers Devise Practical Key Recovery Attack Against Smart Cards, Security Tokens

A team of cryptographic researchers claim to have developed an attack method that can be used to recover secret keys in an acceptable time frame from cryptographic devices like smart cards, hardware ...
Dark Reading

RSA SecurID 800 Token Attack Detailed By Researchers

A team of cryptographic scientists have found a way to exploit the RSA SecurID 800 token, as well as at least seven other tokens, by leveraging cryptographic flaws in the devices. The researchers, who ...
Threat Post

Padding Oracle Crypto Research Prompts Confusion, Dissenting Opinions on Severity

Few things tend to spark debates and controversy in the security community like a new piece of cryptographic research. The paper by a group of academic researchers on an improvement to a padding ...
Computer Weekly

The exploitation of flaws in the HTTPS protocol

We look at the three main reasons the Bleichenbacher attack is possible: as a direct result of a standardised and popular padding scheme (PKCS#1 v1.5) that is used in conjunction with RSA in TLS; an ...
IT News For Australia Business

"Marvin" breathes new life into Bleichenbacher's timing oracle attack

An ancient timing oracle attack against RSA encryption has re-emerged, with a Red Hat researcher saying an oracle attack first discovered in 1998 by Daniel Bleichenbacher remains exploitable.