by tialaramex
1535 days ago
A sort of oracle, yes. I believe there's a vulnerability with servers that are willing to attempt RSA kex (which no longer exists in TLS 1.3 and has been a bad idea for many years), where you can (at least in principle) arrange for them to do an operation which either reveals some bits of their private RSA key (extremely bad) or is equivalent to RSA signing a message of your choosing. RSA kex involves the server attempting to RSA-decrypt messages chosen by an adversary. It's fuzzy, perhaps somebody will remind me of the specifics.
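As an added example (not code from the comment or its author), here is a small Python audit that classifies IANA cipher-suite names by key-exchange method and flags only static RSA key exchange, the case the comment describes, while leaving ECDHE_RSA and DHE_RSA suites alone (there RSA only signs the ephemeral share). It also builds a server context whose OpenSSL cipher string excludes RSA kex. The suite list is constructed for illustration.

```python
import ssl

# Constructed sample of IANA suite names (not taken from the original page).
SAMPLE_SUITES = [
    "TLS_RSA_WITH_AES_128_GCM_SHA256",               # static RSA key exchange
    "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",              # RSA-encrypted premaster + PSK
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",         # ECDHE kex, RSA only signs
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",           # DHE kex, RSA only signs
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",  # no RSA at all
    "TLS_AES_128_GCM_SHA256",                        # TLS 1.3: always (EC)DHE
]


def key_exchange(suite: str) -> str:
    """Return the key-exchange method encoded in an IANA cipher-suite name."""
    if not suite.startswith("TLS_"):
        raise ValueError(f"not an IANA TLS suite name: {suite}")
    if "_WITH_" not in suite:
        # TLS 1.3 names carry no kex token: the handshake is always ephemeral DH.
        return "TLS1.3"
    kex_auth = suite[len("TLS_"):suite.index("_WITH_")]
    # The first token is the key exchange: "ECDHE_RSA" -> "ECDHE", "RSA_PSK" -> "RSA".
    return kex_auth.split("_")[0]


def uses_rsa_kex(suite: str) -> bool:
    """True when the server would RSA-decrypt a client-chosen premaster secret."""
    return key_exchange(suite) == "RSA"


def audit(suites):
    """Return the suites that expose the server's RSA decryption to the peer."""
    return [s for s in suites if uses_rsa_kex(s)]


def hardened_server_context() -> ssl.SSLContext:
    """Server context that offers only (EC)DHE key exchange for TLS 1.2."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher string: ephemeral suites only; "!kRSA" removes RSA key
    # exchange explicitly. TLS 1.3 suites are unaffected and have no RSA kex.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!kRSA:!aNULL")
    return ctx


if __name__ == "__main__":
    for s in SAMPLE_SUITES:
        print(f"{s:48s} kex={key_exchange(s):6s} rsa_kex={uses_rsa_kex(s)}")
```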