The implementations of PrivateKey.Equal in the crypto/ed25519, crypto/ecdsa, and crypto/rsa packages
leak timing information during key comparison. We do not consider this a serious security issue, as
attacker-controlled private key attacks are generally considered out of scope, the Equal methods
are not used during any cryptographic operations, and because these methods were never documented to
be constant-time.
Regardless, we should make these methods constant-time, since it is (mostly) trivial to do, and because
our stance is that the crypto/* libraries should be generally safe to use by default, and hard to
misuse.
Thanks to Zach Collier (@zamicol) for reporting this issue to the Security team.
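The kind of leak described above, as an added example that is not part of the original issue and is not the Go project's code: a step counter stands in for elapsed time to show how an early-exit comparison does work that depends on where the keys first differ, next to a comparison built on `crypto/subtle`. The function names, the fixed-width `size` parameter and the sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"math/big"
)

// earlyExitEqual is a naive comparison that stops at the first mismatch.
// steps counts the bytes examined, which depends on the secret contents.
func earlyExitEqual(a, b []byte) (equal bool, steps int) {
	if len(a) != len(b) {
		return false, 0
	}
	for i := range a {
		steps++
		if a[i] != b[i] {
			return false, steps
		}
	}
	return true, steps
}

// constantTimeEqual examines every byte wherever the inputs differ.
// Only the length, treated as public, affects how much work is done.
func constantTimeEqual(a, b []byte) bool {
	return subtle.ConstantTimeCompare(a, b) == 1
}

// scalarEqual compares two non-negative scalars that fit in size bytes.
// Fixed-width encoding keeps leading zero bytes from changing the length,
// and avoids big.Int.Cmp, which is not constant-time.
func scalarEqual(a, b *big.Int, size int) bool {
	ab := a.FillBytes(make([]byte, size))
	bb := b.FillBytes(make([]byte, size))
	return constantTimeEqual(ab, bb)
}

func main() {
	// Constructed sample values, not real key material.
	secret := []byte("0123456789abcdef0123456789abcdef")
	early := append([]byte("X"), secret[1:]...)
	late := append(append([]byte{}, secret[:31]...), 'X')
	_, s1 := earlyExitEqual(secret, early)
	_, s2 := earlyExitEqual(secret, late)
	fmt.Println("bytes examined before returning:", s1, s2)
	fmt.Println(constantTimeEqual(secret, late), scalarEqual(big.NewInt(7), big.NewInt(7), 32))
}
```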