[Mono-bugs] [Bug 70171][Wis] Changed - Montgomery implementation inefficient and insecure
Mon, 6 Dec 2004 19:52:21 -0500 (EST)
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by email@example.com.
--- shadow/70171 2004-12-06 09:24:08.000000000 -0500
+++ shadow/70171.tmp.1428 2004-12-06 19:52:21.000000000 -0500
@@ -179,6 +179,15 @@
As for problem #2 (finding out how it affects Mono) I still hope to
get more informations about your tests (i.e. how they were conducted,
number of samples required, retrieval time versus key length, ...) and
how key blinding would affect the results.
+------- Additional Comments From firstname.lastname@example.org 2004-12-06 19:52 -------
+Commited key blinding for RSAManaged on both HEAD and MONO-1-0. Key
+blinding is ON by default (Mono.Security 2.x API will have a property
+to turn it off). RSACryptoServiceProvider (in mscorlib) has no way to
+turn it off.
+However this fix doesn't cover possible timing attacks on the
+Diffie-Hellman implementation in Mono.Security.dll.