Bug #2657: Potential weakness of the captive portal voucher system (design issue) - pfSense - pfSense bugtracker

Actions

Copy link

Bug #2657

closed

Potential weakness of the captive portal voucher system (design issue)

Added by Hans-Joachim Knobloch almost 13 years ago. Updated over 9 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Captive Portal

Target version:

Start date:

10/11/2012

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

Affected Architecture:

Description

If the holder of a voucher can guess the encoded roll and ticket IDs and magic number (in particular if the default configuration magic number or no magic number at all is used), it is possible to deduce the RSA modulus employed by the voucher system and factor it due to its short length.

See the enclosed paper which has been submitted to the IACR ePrint archive.

Files

Breaking Public Keys .pdf (31 KB) Breaking Public Keys .pdf

Hans-Joachim Knobloch, 10/11/2012 08:33 AM

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #2657

Potential weakness of the captive portal voucher system (design issue)

Updated by Chris Buechler almost 13 years ago

Updated by Ermal Luçi almost 13 years ago

Updated by Jeremy Porter over 9 years ago