About attacks on the voucher system
0tt0 last edited by
pfSense is mentioned as an example of "odd RSA implementation" that provides questionable security, in a paper at iacr.
"In particular users of the pfSense voucher system are urgently recommended to choose the
magic number employed in generating and verifying the voucher codes (see ) at random,
keep it secret and change it regularly in order to prevent the known-plaintext attack described
eri-- last edited by
In 2.0.2 and newer versions that are going to be release the problem has mitigated presented on that paper.