Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries
Schneier on Security
APRIL 22, 2022
Interesting implementation mistake : The vulnerability, which Oracle patched on Tuesday , affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authenticate messages digitally. […]. ECDSA signatures rely on a pseudo-random number, typically notated as K, that’s used to derive two additional numbers, R and S.
Let's personalize your content