<div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div class="gmail_extra"><pre style="color:rgb(0,0,0);font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial;word-wrap:break-word;white-space:pre-wrap">This bad use of RSA was reported back in Sept 2003. Is it fixed in the latest version?</pre><pre style="color:rgb(0,0,0);font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial;word-wrap:break-word;white-space:pre-wrap">tinc's real problem though is the handshake protocol, in which the client and
server exchange random RSA-encrypted strings.  That's raw bit strings, there's
no PKCS #1 or OAEP padding, and the server is happy to act as an oracle for
you too.  This is a terrible way to use RSA, and usually compromises the key.</pre>

<br></div></div>
</div><br></div>