Vulnerable to side-channel attacks on decryption and signing. #19

sybrenstuvel opened this issue Nov 15, 2013 · 1 comment


@sybrenstuvel
Owner

Originally reported by: Manuel Aude Morales (Bitbucket: Mamsaac, GitHub: Mamsaac)


After checking the source code, it seems to me that the implementation is vulnerable to timing attacks, which RSA is particularly weak to, especially since the implementation is pure Python and doesn't use C.

The recommended way to prevent a timing attack would be to do blinding on decryption (you do that by blinding the encrypted value, decrypting, and then unblinding). For more information, you can consult https://en.wikipedia.org/wiki/Blinding_%28cryptography%29 or PyCrypto's implementation (it has both C and Python implementations; in the Python code, blinding happens in https://github.com/dlitz/pycrypto/blob/master/lib/Crypto/PublicKey/RSA.py#L243 and is implemented at https://github.com/dlitz/pycrypto/blob/master/lib/Crypto/PublicKey/_slowmath.py#L41).

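The blind / decrypt / unblind sequence described in the report, as an added example that is not part of this issue, of python-rsa's code, or of PyCrypto's: a standalone Python implementation of blinded RSA decryption next to the unblinded version. The key is a constructed toy key whose primes are far too small for real use; the function names (`encrypt`, `decrypt_unblinded`, `decrypt_blinded`) are assumptions of this example, and the modular inverse uses `pow(x, -1, m)`, which needs Python 3.8 or later. Because RSA signing applies the same private-exponent operation to a padded hash, the same blinding wraps signing as well, which is why the issue title names both operations.

```python
"""Blinded RSA private-key operation (added example, not python-rsa's code)."""
import secrets
from math import gcd

# Constructed toy key: these primes are far too small for real use and only
# keep the arithmetic readable. A real key comes from a proper generator.
P = 104729
Q = 1299709
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)  # private exponent; pow(x, -1, m) needs Python 3.8+


def encrypt(m: int, e: int = E, n: int = N) -> int:
    """Textbook RSA public operation: c = m^e mod n."""
    if not 0 <= m < n:
        raise ValueError("message must be in [0, n)")
    return pow(m, e, n)


def decrypt_unblinded(c: int, d: int = D, n: int = N) -> int:
    """Plain private operation: the running time of this exponentiation
    depends on the attacker-chosen input c, which is what a timing attack
    measures."""
    if not 0 <= c < n:
        raise ValueError("ciphertext must be in [0, n)")
    return pow(c, d, n)


def decrypt_blinded(c: int, d: int = D, e: int = E, n: int = N) -> int:
    """Private operation with blinding: the secret exponentiation only ever
    sees c * r^e for a fresh random r, so its timing no longer correlates
    with the ciphertext the attacker supplied."""
    if not 0 <= c < n:
        raise ValueError("ciphertext must be in [0, n)")

    # 1. Pick a fresh secret blinding factor r in [1, n-1] that is invertible mod n.
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break

    # 2. Blind: c' = c * r^e mod n (only public values are used here).
    blinded = (c * pow(r, e, n)) % n

    # 3. Run the private operation on the blinded value.
    m_blinded = pow(blinded, d, n)

    # 4. Unblind: since (r^e)^d == r mod n, m' = m * r, so m = m' * r^-1 mod n.
    return (m_blinded * pow(r, -1, n)) % n


if __name__ == "__main__":
    msg = 123456789
    c = encrypt(msg)
    assert decrypt_blinded(c) == decrypt_unblinded(c) == msg
    print("blinded and unblinded decryption agree:", msg)
```

The blinding factor must be fresh for every private operation and must never be reused or leaked; reusing r lets the measured timings be correlated again. Blinding does not make the exponentiation itself constant-time, it decorrelates its input from anything the attacker controls, which is the property the reported attack depends on.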

@sybrenstuvel
Owner Author

Original comment by Sybren Stüvel (Bitbucket: sybren, GitHub: sybrenstuvel):


This doesn't seem too difficult to implement, thanks for the links. Not sure when I'll be able to add this though (only so many hours in a day).
