Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision |
pgpfan:rsabad [2022/04/02 16:41] – Mostly rewrite. b.walzer | pgpfan:rsabad [2023/11/07 16:25] – Not theoretical anymore. b.walzer |
---|
>// Instead, developers are encouraged to choose a large d such that Chinese remainder theorem techniques can be used to speed up decryption. However, this approach’s complexity increases the probability of subtle implementation errors, which [[https://www.cs.tau.ac.il/~tromer/courses/infosec11/Boneh%20DeMillo%20Lipton%201997%20---%20On%20the%20importance%20of%20eliminating%20errors%20in%20cryptographic%20protocols.pdf|can lead to key recovery]].// | >// Instead, developers are encouraged to choose a large d such that Chinese remainder theorem techniques can be used to speed up decryption. However, this approach’s complexity increases the probability of subtle implementation errors, which [[https://www.cs.tau.ac.il/~tromer/courses/infosec11/Boneh%20DeMillo%20Lipton%201997%20---%20On%20the%20importance%20of%20eliminating%20errors%20in%20cryptographic%20protocols.pdf|can lead to key recovery]].// |
| |
The linked article doesn't describe any sort of implementation error. Instead it describes a completely theoretical hardware attack. | The linked article doesn't describe any sort of implementation error. Instead it describes an attack based on hardware faults((This originally used the term "theoretical" to describe the attack. See the more recent [[https://eprint.iacr.org/2023/1711.pdf|Passive SSH Key Compromise via Lattices]], which shows that this sort of weakness exists at the rate of one per million SSH records.)). |
| |
>//Public Exponent// | >//Public Exponent// |
Alternatively, it is a completely accurate conception that failing to validate your elliptic curve parameters properly can lead to [[https://research.nccgroup.com/2021/11/18/an-illustrated-guide-to-elliptic-curve-cryptography-validation/|bad outcomes]]. In some cases, failure to properly validate gets an attacker the secret key material. | Alternatively, it is a completely accurate conception that failing to validate your elliptic curve parameters properly can lead to [[https://research.nccgroup.com/2021/11/18/an-illustrated-guide-to-elliptic-curve-cryptography-validation/|bad outcomes]]. In some cases, failure to properly validate gets an attacker the secret key material. |
| |
Note all the conditional bits covered by the linked article. Different curves have different properties and different issues. There are a bunch of different curves in common use while RSA pretty much always uses 65537 for the one and only implementer controlled parameter (public exponent). | Note all the conditional bits covered by the linked article in the previous paragraph. Different curves have different properties and different issues. There are a bunch of different curves in common use while RSA pretty much always uses 65537 for the one and only implementer controlled parameter (public exponent). |
| |
[[pgpfan:index|PGP FAN index]]\\ | [[pgpfan:index|PGP FAN index]]\\ |
[[em:index|Encrypted Messaging index]] | [[em:index|Encrypted Messaging index]] |
| |