[Mono-bugs] [Bug 70171][Wis] Changed - Montgomery implementation inefficient and insecure

bugzilla-daemon@bugzilla.ximian.com bugzilla-daemon@bugzilla.ximian.com
Mon, 6 Dec 2004 19:52:21 -0500 (EST)

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien@ximian.com.


--- shadow/70171	2004-12-06 09:24:08.000000000 -0500
+++ shadow/70171.tmp.1428	2004-12-06 19:52:21.000000000 -0500
@@ -179,6 +179,15 @@
 As for problem #2 (finding out how it affects Mono) I still hope to
 get more informations about your tests (i.e. how they were conducted,
 number of samples required, retrieval time versus key length, ...) and
 how key blinding would affect the results.
+------- Additional Comments From sebastien@ximian.com  2004-12-06 19:52 -------
+Commited key blinding for RSAManaged on both HEAD and MONO-1-0. Key
+blinding is ON by default (Mono.Security 2.x API will have a property
+to turn it off). RSACryptoServiceProvider (in mscorlib) has no way to
+turn it off. 
+However this fix doesn't cover possible timing attacks on the
+Diffie-Hellman implementation in Mono.Security.dll.