path: root/src/lib/x509
author    Jack Lloyd <[email protected]>  2018-12-16 20:33:49 -0500
committer Jack Lloyd <[email protected]>  2018-12-18 10:20:35 -0500
commit    70aa7303acfff9eefc24598c289a84db3579ebd1 (patch)
tree      56506633ac75588c95c7b9277e61e13d932aa85e /src/lib/x509
parent    c36f2885b896de0db5713b1bda0a294fc4060909 (diff)
Avoid using unblinded Montgomery ladder during ECC key generation
As doing so means that information about the high bits of the scalar can leak via timing since the loop bound depends on the length of the scalar. An attacker who has such information can perform a more efficient brute force attack (using Pollard's rho) than would be possible otherwise.

Found by Ján Jančár (@J08nY) using ECTester (https://github.com/crocs-muni/ECTester)

CVE-2018-20187
Diffstat (limited to 'src/lib/x509')
0 files changed, 0 insertions, 0 deletions
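The leak the commit message describes, shown in a small added example that is not Botan's code and does not reproduce Botan's fix. It implements a textbook affine Montgomery ladder over secp256k1 (public domain parameters, chosen here only to give a concrete 256-bit group; the commit does not name a curve) in three variants: the unblinded form whose loop bound is the scalar's own bit length, so the iteration count (and hence timing) tells an observer how many leading bits of the private scalar are zero; a form that always walks a fixed number of bits; and a scalar-blinded form that multiplies by k + m*N for a random mask m, so the scalar fed to the ladder has a length unrelated to k. The names `mul_unblinded`, `mul_fixed_length`, `mul_blinded`, `bits_leaked_by_timing` and the 64-bit mask width are this example's own choices.

```python
import secrets

# secp256k1 domain parameters (public constants, not taken from the Botan commit).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None                      # point at infinity
ORDER_BITS = N.bit_length()     # 256


def on_curve(pt):
    """y^2 == x^3 + 7 (mod P); the point at infinity counts as on the curve."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def ec_add(p1, p2):
    """Affine point addition handling infinity, doubling and p1 == -p2."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF                                   # p1 == -p2
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P     # doubling, a == 0
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ladder(k, pt, nbits):
    """Montgomery ladder over exactly `nbits` bits of k, MSB first.
    Returns (k*pt, number of loop iterations executed)."""
    r0, r1 = INF, pt
    for i in range(nbits - 1, -1, -1):
        if (k >> i) & 1:
            r0, r1 = ec_add(r0, r1), ec_add(r1, r1)
        else:
            r1, r0 = ec_add(r0, r1), ec_add(r0, r0)
    return r0, nbits


def mul_unblinded(k, pt):
    # The loop bound is the scalar's own length: the iteration count, and so
    # the running time, equals k.bit_length() and reveals the leading zero bits.
    return ladder(k, pt, k.bit_length())


def mul_fixed_length(k, pt):
    # Always process ORDER_BITS bits regardless of k (example hardening).
    return ladder(k, pt, ORDER_BITS)


def mul_blinded(k, pt, mask_bits=64, mask=None):
    # Scalar blinding (example hardening): k' = k + m*N gives the same point
    # because N*pt == INF, and the length of k' no longer depends on k.
    # The mask has its top bit set so k' always has ORDER_BITS + mask_bits
    # (+1 for a possible carry) bits; the loop length is fixed to cover that.
    if mask is None:
        mask = secrets.randbits(mask_bits) | (1 << (mask_bits - 1))
    return ladder(k + mask * N, pt, ORDER_BITS + mask_bits + 1)


def bits_leaked_by_timing(k):
    """What an observer of the unblinded ladder learns: the number of leading
    zero bits of k below ORDER_BITS, which shrinks the key search interval."""
    _, iterations = mul_unblinded(k, G)
    return ORDER_BITS - iterations


if __name__ == "__main__":
    # Constructed sample scalar with 56 leading zero bits.
    k = (1 << 199) | 0xABCDEF
    for name, fn in (("unblinded", mul_unblinded),
                     ("fixed-length", mul_fixed_length),
                     ("blinded", mul_blinded)):
        point, iterations = fn(k, G)
        print(f"{name:13s} iterations={iterations:3d} x={point[0]:064x}")
    print("leading zero bits learned from unblinded timing:",
          bits_leaked_by_timing(k))
```

All three variants return the same point; only the observable iteration count differs. The blinded variant is what makes the loop bound independent of the private scalar, which is the property the commit restores for key generation by no longer calling the unblinded ladder.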