Originally reported by: Manuel Aude Morales (Bitbucket: Mamsaac, GitHub: Mamsaac)
After checking the source code, it seems to me that the implementation is vulnerable to timing attacks, which RSA is particularly weak to, especially since the implementation is pure Python and doesn't use C.
The recommended way to prevent a timing attack would be to do blinding on decryption (you do that by blinding the encrypted value, decrypting and then unblinding). For more information, you can consult https://en.wikipedia.org/wiki/Blinding_%28cryptography%29 or PyCrypto's implementation (it has both C and Python implementations). In the Python code, blinding happens in https://github.com/dlitz/pycrypto/blob/master/lib/Crypto/PublicKey/RSA.py#L243 and is implemented at https://github.com/dlitz/pycrypto/blob/master/lib/Crypto/PublicKey/_slowmath.py#L41.
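The blind, decrypt, unblind sequence described in the report, as an added example that is not part of the original report and is not code from either project. It uses textbook RSA with a constructed toy key, and all function names are hypothetical.

```python
import math
import secrets

# Constructed toy key built from two Mersenne primes; far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def random_blinding_factor(n):
    """Pick a fresh r in [2, n-1] that is invertible modulo n."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            return r


def blind(c, r, e, n):
    """Multiply the ciphertext by r^e so the exponentiation input is unpredictable."""
    return (c * pow(r, e, n)) % n


def unblind(m_blinded, r, n):
    """(c * r^e)^d = c^d * r (mod n), so multiplying by r^-1 recovers c^d."""
    return (m_blinded * pow(r, -1, n)) % n


def decrypt_unblinded(c, d, n):
    """Plain private-key operation: its timing depends on the caller-supplied c."""
    return pow(c, d, n)


def decrypt_blinded(c, d, e, n):
    """Private-key operation on c * r^e, with a new random r for every call."""
    r = random_blinding_factor(n)
    blinded_m = pow(blind(c, r, e, n), d, n)
    return unblind(blinded_m, r, n)


if __name__ == "__main__":
    message = 0x48656C6C6F  # constructed sample plaintext
    ciphertext = pow(message, E, N)
    assert decrypt_blinded(ciphertext, D, E, N) == message
    print("blinded decryption recovered", hex(message))
```

The private exponentiation now runs on a value that changes with every call, so its timing no longer correlates with the ciphertext the sender chose.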