
This was allowed in the rust-rsa crate directly before, which is why it was introduced in that commit.


Yep, I saw the upstream[1].

However, I misread this: I thought the padding was being done on the cleartext signing side, but this is padding of the signature itself. So there's some malleability here, but it isn't susceptible to DO'1985. I'll update my top-level comment.

[1]: https://github.com/RustCrypto/RSA/issues/272


Glad people care to look, that's what matters.


Thanks, appreciate the careful check!



