Crypto Go :we are a research group to help developers build secure applications. #131
Labels
question
Further information is requested
Comments
|
Hi,
deprecated by who? |
|
Hello,
Thank you for your feedback. Here, we would like to supplement several explanations according to your question:
Two padding algorithms are provided in the official Go cryptographic library for RSA: PKCS\#1-v1.5 and optimal asymmetric encryption padding (OAEP). As PKCS\#1-v1.5 padding format may be used to recover the RSA private key in different settings [1], thus new secure padding method (i.e., OAEP) is proposed and recommended.
We hope these answers could be acceptable for you.
[1] Sazzadur Rahaman, Haipeng Cai, Omar Haider Chowdhury, and Danfeng Daphne Yao. 2021. From Theory to Code: Identifying Logical Flaws in Cryptographic Implementations in C/C++. IEEE Transactions on Dependable and Secure Computing (2021)
[2] Jakob Jonsson and Burt Kaliski. 2003. Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1. RFC 3447. (Feb. 2003). https://doi.org/10.17487/RFC3447
Thanks again.
Sincerely,
CryptoGo Team.
…------------------ 原始邮件 ------------------
发件人: "cristalhq/jwt" ***@***.***>;
发送时间: 2022年8月28日(星期天) 晚上6:19
***@***.***>;
***@***.******@***.***>;
主题: Re: [cristalhq/jwt] Crypto Go :we are a research group to help developers build secure applications. (Issue #131)
Hi,
Broken rule: R-07: RSASSA-PKCS1-v1_5 is deprecated;
deprecated by who?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
|
Gonna close as stale and 'cause there is nothing to do. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, we are a research group to help developers build secure applications. We designed a cryptographic misuse detector (i.e., CryptoGo) on Go language. We found your great public repository from Github, and several security issues detected by CryptoGo are shown in the following.
Note that the cryptographic algorithms are categorized with two aspects: security strength and security vulnerability based on NIST Special Publication 800-57 and other public publications. Moreover, CryptoGo defined certain rules derived from the APIs of Go cryptographic library and other popular cryptographic misuse detectors. The specific security issues we found are as follows:
Location: algo_rs.go:79;
Broken rule: R-07: RSASSA-PKCS1-v1_5 is deprecated;
We wish the above security issues could truly help you to build a secure application. If you have any concern or suggestion, please feel free to contact us, we are looking forward to your reply. Thanks.
The text was updated successfully, but these errors were encountered: