[Mono-bugs] [Bug 70171][Wis] Changed - Montgomery implementation inefficient and insecure
bugzilla-daemon@bugzilla.ximian.com
Thu, 16 Dec 2004 14:27:14 -0500 (EST)
Please do not reply to this email; if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by sebastien@ximian.com.
http://bugzilla.ximian.com/show_bug.cgi?id=70171
--- shadow/70171 2004-12-06 19:52:21.000000000 -0500
+++ shadow/70171.tmp.26231 2004-12-16 14:27:14.000000000 -0500
@@ -1,12 +1,12 @@
Bug#: 70171
Product: Mono: Class Libraries
Version: unspecified
OS: All
OS Details:
-Status: NEEDINFO
+Status: CLOSED
Resolution:
Severity: Unknown
Priority: Wishlist
Component: Mono.Security
AssignedTo: sebastien@ximian.com
ReportedBy: pieter@mentalis.org
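Review bot: Status is flipped from NEEDINFO to CLOSED in this hunk while the Resolution field on the very next line is left empty; a bug closed on the strength of a shipped fix should carry a resolution (FIXED, or whatever the tracker uses) so the record does not read as closed without an outcome. Suggest changing the hunk to also set "Resolution: FIXED" alongside "+Status: CLOSED".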
@@ -188,6 +188,20 @@
blinding is ON by default (Mono.Security 2.x API will have a property
to turn it off). RSACryptoServiceProvider (in mscorlib) has no way to
turn it off.
However this fix doesn't cover possible timing attacks on the
Diffie-Hellman implementation in Mono.Security.dll.
+
+------- Additional Comments From sebastien@ximian.com 2004-12-16 14:27 -------
+After talking with Pieter,
+
+for problem #1
+* The fix (key blinding) render a timing attack ineffective;
+
+for problem #2
+* The code (translated to C) and platform (smartcard) used to attack
+the keys doesn't reflect Mono environments very well - so that
+particuliar attack code isn't applicable as is. Similar attacks (see
+papers) suggests that problems may occurs if someone can measure your
+private key calculations with tens of thousands to millions samples.
+Key blinding (1.0.4/1.1.3) fix this potential problem.
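Review bot: The closing comment declares both problems addressed by key blinding, but the unchanged context at the top of this hunk still records that the fix "doesn't cover possible timing attacks on the Diffie-Hellman implementation in Mono.Security.dll"; before closing, the comment should say whether that DH exposure is resolved, tracked in a separate bug, or accepted as-is, otherwise the record contradicts itself. A minor point: the "similar attacks (see papers)" sentence gives no references, so a reader cannot verify the "tens of thousands to millions samples" figure; citing the papers in the comment would make the risk assessment checkable.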