• Simo Sorce's avatar
    CVE-2016-6298: Million Messages Attack mitigation · eb5be5bd
    Simo Sorce authored
    RFC 3218 describes an oracle attack called Million Messages Attack
    against RSA with PKCS1 v1.5 padding.
    
    Depending on how JWEs are used a server may become an Oracle, and the
    mitigation presecribed in RFC 3218 2.3.2 need to be implemented.
    
    Many thanks to Dennis Detering for his responsible disclosure and help
    verifying the mitigation approach.
    
    Resolves #65
    Signed-off-by: 's avatarSimo Sorce <simo@redhat.com>
    Closes #66
    eb5be5bd
Name
Last commit
Last update
docs Loading commit data...
jwcrypto Loading commit data...
.coveragerc Loading commit data...
.gitignore Loading commit data...
.travis.yml Loading commit data...
LICENSE Loading commit data...
MANIFEST.in Loading commit data...
Makefile Loading commit data...
README.md Loading commit data...
requirements.txt Loading commit data...
setup.cfg Loading commit data...
setup.py Loading commit data...
tox.ini Loading commit data...