[HN Gopher] Reverse Engineering the Verification QR Code on My D...
___________________________________________________________________
Reverse Engineering the Verification QR Code on My Diploma
Author : obrhubr
Score : 24 points
Date : 2024-07-04 22:22 UTC (38 minutes ago)
(HTM) web link (obrhubr.org)
(TXT) w3m dump (obrhubr.org)
| pxx wrote:
| this analysis does not seem particularly good and seems to be
| written for maximum hype value instead of correctness.
|
| e.g.:
|
| > The first issue is the absolute disregard for any of the
| standards related to RSA key usage. Encrypting with the private
| key and decrypting with the public key is usually only done in
| the context of signing/verifying.
|
| but... you _are_ doing a verification at this stage. this _is_
| how public-key encryption works. but since the data is so short,
| the "signature" is just the data itself instead of
| (essentially) a hash of it.
|
| the stuff about pkcs#1 1.5 likewise is irrelevant. there's no way
| to get a padding oracle, and the Bleichenbacher '06 signature
| forgery scheme seems to be an attack on a bad signature
| verification algorithm and not an issue with the primitive. but
| we're not using signature verification here.
| obrhubr wrote:
| Thanks for the feedback, appreciate it. I wanted this to be more
| entertaining than informative, but I understand why this might
| mislead.
|
| - I agree that the section on pkcs#1 is at this point
| irrelevant, I left it in just to mention that fact. But I will
| probably take it out now :)
|
| - Concerning the part of misusing RSA: My understanding is that
| you usually append the signature at the end, after a copy of
| the data which is not done here. I believe they are misusing it
| here because no library for RSA supports this use case, to
| decrypt using a public key you always have to provide the
| message and signature. This isn't possible here because the
| message is encrypted. So I think they are misusing RSA.
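
Added example (not from the article, the thread, or the diploma system): the scheme both comments discuss, where the verifier applies the public key to the QR payload and reads the data out of the result, is RSA signature verification with message recovery. The key, the sample payload, and the PKCS#1 v1.5 type 1 block layout below are assumptions for illustration; the verifier checks every padding byte, since the Bleichenbacher '06 forgery mentioned above targets lax verification.

```python
# Added illustration: RSA signature with message recovery (stdlib only).
# Key, payload and block layout are assumptions, not the diploma system's.
P, Q = 2**127 - 1, 2**107 - 1      # constructed demo key (two Mersenne primes); far too small for real use
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)
K = (N.bit_length() + 7) // 8      # modulus length in bytes


def sign_with_recovery(data: bytes) -> bytes:
    """Issuer side: pad the data itself (no hash) and apply the private key."""
    pad_len = K - 3 - len(data)
    if pad_len < 8:
        raise ValueError("data too long for this modulus")
    block = b"\x00\x01" + b"\xff" * pad_len + b"\x00" + data
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")


def verify_and_recover(sig: bytes) -> bytes:
    """Verifier side: apply the public key, then check the whole block."""
    if len(sig) != K:
        raise ValueError("wrong signature length")
    s = int.from_bytes(sig, "big")
    if s >= N:
        raise ValueError("signature out of range")
    block = pow(s, E, N).to_bytes(K, "big")
    if block[:2] != b"\x00\x01":
        raise ValueError("bad block header")
    sep = block.find(b"\x00", 2)   # first zero byte after the header
    # Require at least 8 padding bytes and that every one of them is 0xFF.
    if sep < 10 or block[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad padding")
    return block[sep + 1:]         # the recovered data is the "message"


if __name__ == "__main__":
    qr_payload = sign_with_recovery(b"ID=1234;GRADE=A")  # constructed sample
    print(verify_and_recover(qr_payload))
```

The recovered bytes are only readable, not secret: anyone holding the public key can run `verify_and_recover`, which is why this is verification rather than encryption.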
___________________________________________________________________
(page generated 2024-07-04 23:00 UTC)