[Mono-bugs] [Bug 70171][Wis] Changed - Montgomery implementation inefficient and insecure

bugzilla-daemon@bugzilla.ximian.com bugzilla-daemon@bugzilla.ximian.com
Mon, 6 Dec 2004 19:52:21 -0500 (EST)

Previous message: [Mono-bugs] [Bug 70264][Nor] Changed - Xsp on windows is not setting content-length or FIN on reply.
Next message: [Mono-bugs] [Bug 69721][Wis] Changed - Add /key switch to ilasm
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien@ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=70171

--- shadow/70171	2004-12-06 09:24:08.000000000 -0500
+++ shadow/70171.tmp.1428	2004-12-06 19:52:21.000000000 -0500
@@ -179,6 +179,15 @@
 
 As for problem #2 (finding out how it affects Mono) I still hope to
 get more informations about your tests (i.e. how they were conducted,
 number of samples required, retrieval time versus key length, ...) and
 how key blinding would affect the results.
 
+
+------- Additional Comments From sebastien@ximian.com  2004-12-06 19:52 -------
+Commited key blinding for RSAManaged on both HEAD and MONO-1-0. Key
+blinding is ON by default (Mono.Security 2.x API will have a property
+to turn it off). RSACryptoServiceProvider (in mscorlib) has no way to
+turn it off. 
+
+However this fix doesn't cover possible timing attacks on the
+Diffie-Hellman implementation in Mono.Security.dll.

Previous message: [Mono-bugs] [Bug 70264][Nor] Changed - Xsp on windows is not setting content-length or FIN on reply.
Next message: [Mono-bugs] [Bug 69721][Wis] Changed - Add /key switch to ilasm
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]