| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| Use blinding for the RSA secret operation. | Werner Koch | 2013-12-03 | 1 | -0/+1 |
| * cipher/random.c (randomize_mpi): New. * g10/gpgv.c (randomize_mpi): New stub. * cipher/rsa.c (USE_BLINDING): Define macro. (secret): Implement blinding. -- GPG 1.x has never used any protection against timing attacks on the RSA secret operation. The rationale for this has been that there was no way to mount a remote timing attack on GnuPG. With the turning up of Acoustic Cryptanalysis (http://cs.tau.ac.il/~tromer/acoustic) this assumption no longer holds true and thus we need to do something about it. Blinding seems to be a suitable mitigation to the threat of key extraction. It does not help against distinguishing used keys, though. Note that GPG 2.x uses Libgcrypt which does blinding by default. The performance penalty is negligible: Modifying the core pubkey_sign or pubkey_decrypt function to run 100 times in a loop, the entire execution times for signing or decrypting a small message using a 4K RSA key on a Thinkpad X220 are: Without blinding: 5.2s (8.9s); With blinding: 5.6s (9.3s). The numbers in parentheses give the values without the recently implemented k-ary exponentiation code. Thus for the next release the user will actually experience faster signing and decryption. A drawback of blinding is that we need random numbers even for decryption (albeit at low quality). Signed-off-by: Werner Koch <[email protected]> CVE-id: CVE-2013-4576 | | | | |
| Switched to GPLv3. Updated gettext. | Werner Koch | 2007-10-23 | 1 | -4/+2 |
| Lock random seed file | Werner Koch | 2006-02-09 | 1 | -0/+1 |
| Converted all m_free to xfree etc. | Werner Koch | 2005-07-27 | 1 | -1/+1 |
| Updated FSF street address and preparations for a release candidate. | Werner Koch | 2005-05-31 | 1 | -1/+2 |
| Update head to match stable 1.0 | David Shaw | 2002-06-29 | 1 | -0/+41 |
| Removed files from the HEAD revision, because they are now in another repository | Werner Koch | 2000-12-19 | 1 | -40/+0 |
| See ChangeLog: Wed Oct 4 13:16:18 CEST 2000 Werner Koch | Werner Koch | 2000-10-04 | 1 | -0/+2 |
| See ChangeLog: Sat Nov 13 17:44:23 CET 1999 Werner Koch | Werner Koch | 1999-11-13 | 1 | -1/+0 |
| See ChangeLog: Wed Sep 15 16:22:17 CEST 1999 Werner Koch (tags: V1-0-4, V1-0-3, V1-0-2, V1-0-1-ePit-1) | Werner Koch | 1999-09-15 | 1 | -0/+5 |
| See ChangeLog: Fri Jul 2 11:45:54 CEST 1999 Werner Koch | Werner Koch | 1999-07-02 | 1 | -0/+1 |
| See ChangeLog: Tue Jan 12 11:17:18 CET 1999 Werner Koch | Werner Koch | 1999-01-12 | 1 | -0/+1 |
| See ChangeLog: Wed Dec 23 13:34:22 CET 1998 Werner Koch | Werner Koch | 1998-12-23 | 1 | -3/+3 |
| Restructured the RNG source and add support for loadable random modules. | Werner Koch | 1998-11-25 | 1 | -8/+1 |
| changes done at the train | Werner Koch | 1998-08-07 | 1 | -1/+0 |
| can create v4 signatures | Werner Koch | 1998-05-13 | 1 | -1/+1 |
| some cleanups | Werner Koch | 1998-03-19 | 1 | -0/+1 |
| partial DSA support | Werner Koch | 1998-03-09 | 1 | -0/+39 |