Secure Science Corporation Advisory CSA-056

To: Secure Science Corporation Advisory Notice <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Secure Science Corporation Advisory CSA-056
From: SSC Advisory Notice <bugtraq@xxxxxxxxxxxxxxxxx>
Date: Mon, 02 May 2005 17:56:17 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Secure Science Corporation
User-agent: Mozilla Thunderbird 0.8 (X11/20040913)

Secure Science Corporation Advisory CSA-056
http://www.securescience.net
e-response@xxxxxxxxxxxxxxxxx
877-570-0455

---------------------------------------------------------

LibTomCrypt version <=1.02 contained weak signature scheme used
with ECC keys, allowing trivial signature forgeries.

---------------------------------------------------------

Vulnerability Classification: Cryptography - arbitrary message signing

Discovery Date: May 1, 2005
Vendor Reported Advisory
Discovery Published: May 2, 2005

Abstract:
---------

LibTomCrypt is a fairly comprehensive, modular and portablecryptographic toolkit that provides developers with a vast array of wellknown published block ciphers, one-way hash functions, chaining modes,pseudo-random number generators, public key cryptography and a plethoraof other routines. A vulnerability was found by the author within thesignature scheme used with the Elliptic Curve Cryptosystem routines thatwill allow arbitrary signatures to be created by an attacker.


Description:
------------

During recent cryptographic review by the author, a mathematical flawwas found within the implementation of the El Gamal signature algorithmused in LibTomCrypt versions <=1.02 An attacker can create a validrandom signature by selecting a random value for a, and then computing(a^-1)C (where the inverse is modulo the order of the curve),essentially allowing an attacker to sign arbitrary messages without theprivate key.



Affected Vendors:
---------------
All vendors using LTC <=1.02 that apply ECC with signatures.

Vendor and Patch Information:
-----------------------------

Secure Science Corporation is distributing this advisory on behalf ofthe author. The author has stated that LibTomCrypt 1.03 will be releasedMay 7, 2005 with X9.62 ECDSA implemented, a FIPS 180-2 standard.


Solution:
---------
X9.62 ECDSA implementation.


Credits:
--------
Secure Science Corporation - Tom St Denis

Disclaimer:
-----------

Secure Science Corporation is not responsible for the misuse of any ofthe information we provide on this website and/or through our securityadvisories. Our advisories are a service to our customers intended topromote secure installation and use of Secure Science Corporation products.

Prev by Date: [USN-120-1] Apache 2 vulnerability
Next by Date: [USN-123-1] Xine library vulnerabilities
Previous by thread: [USN-120-1] Apache 2 vulnerability
Next by thread: [USN-123-1] Xine library vulnerabilities
Index(es):
- Date
- Thread