
Not to mention the most difficult issue that even mainstream libraries (like libgcrypt, which is used by gpg) get wrong: implementing RSA in constant time so as to avoid timing side-channel attacks. I would argue that understanding and implementing elliptic curves (the modern ones especially) correctly is much easier.


Do you have a reference to any practical side channel attack on, say, 2048 bit RSA using the current version of libgcrypt? If so it should be filed as a bug.



The current version of libgcrypt is not practically exploitable using the technique described in that 3-year-old paper.


I remember that their changes <https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=c... were still variable time and thus able to leak secrets. I presume that nobody bothered exploiting yet.

Anyway, even if this was fixed (which I doubt), the point is that they had vulnerable code for 18 years.
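The variable-time square-and-multiply that the first comment alludes to, and the "still variable time and thus able to leak secrets" concern in the last one, shown beside a branch-free Montgomery ladder. This is an added example, not code from the thread or from libgcrypt; the function names and the toy modulus are constructed for illustration.

```python
# Added example (not from the thread or from libgcrypt): why a textbook RSA
# private-key exponentiation is variable-time, and how a Montgomery ladder with
# a branch-free swap makes the operation sequence independent of the secret
# exponent. Multiplication counts stand in for wall-clock time.
# Hypothetical names: naive_modexp, ct_swap, ladder_modexp, leak_profile.

def naive_modexp(base, exp, mod):
    """Left-to-right square-and-multiply. Returns (result, multiplications)."""
    result, mults = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        mults += 1
        if bit == "1":  # branch on a secret bit: work depends on Hamming weight
            result = result * base % mod
            mults += 1
    return result, mults

def ct_swap(a, b, bit):
    """Swap a and b iff bit == 1, via masking rather than a secret-dependent branch."""
    mask = -bit                 # bit 0 -> 0, bit 1 -> ...111 (all ones)
    t = (a ^ b) & mask
    return a ^ t, b ^ t

def ladder_modexp(base, exp, mod, bits):
    """Montgomery ladder: exactly two modular multiplications per exponent bit,
    whatever the bit's value. Returns (result, multiplications)."""
    r0, r1, mults = 1, base % mod, 0
    for i in range(bits - 1, -1, -1):
        bit = (exp >> i) & 1
        r0, r1 = ct_swap(r0, r1, bit)
        r1 = r0 * r1 % mod      # invariant: r1 == r0 * base (mod mod)
        r0 = r0 * r0 % mod
        mults += 2
        r0, r1 = ct_swap(r0, r1, bit)
    return r0, mults

def leak_profile(base, mod, bits):
    """Multiplication counts for the lightest and heaviest exponents of a given
    width: naive counts differ (a leak), ladder counts are identical."""
    light, heavy = 1 << (bits - 1), (1 << bits) - 1
    naive = (naive_modexp(base, light, mod)[1], naive_modexp(base, heavy, mod)[1])
    ladder = (ladder_modexp(base, light, mod, bits)[1],
              ladder_modexp(base, heavy, mod, bits)[1])
    return {"naive": naive, "ladder": ladder}

if __name__ == "__main__":
    # constructed toy modulus: 3233 = 61 * 53, the usual textbook RSA example
    print(leak_profile(2, 3233, 16))
```

Python's big-integer arithmetic is itself not constant-time, so this demonstrates control-flow independence only; a real implementation also needs constant-time multiplication and reduction, which is the hard part the first comment refers to.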



