New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ECDSA signing is vulnerable to timing attacks #11

Open

frasertweedale opened this issue Apr 16, 2015 · 3 comments

Labels

bug

Owner

frasertweedale commented Apr 16, 2015

Crypto.PubKey.ECC.ECDSA signing operations are vulnerable to timing attacks.
Switch to a safe implementation.

http://hackage.haskell.org/package/crypto-pubkey-0.2.8/docs/Crypto-PubKey-ECC-ECDSA.html

frasertweedale added the bug label

frasertweedale mentioned this issue

Port to cryptonite #12

Closed

Contributor

sophie-h commented Jan 26, 2017

Am I right to assume this bug has actually been fixed with #12 been closed? There is still a warning in the README.

Owner Author

frasertweedale commented Jan 26, 2017

@sophie-h alas no, the latest version of cryptonite still apparently has the timing problem: https://hackage.haskell.org/package/cryptonite-0.21/docs/Crypto-PubKey-ECC-ECDSA.html

Contributor

sophie-h commented Jan 27, 2017 via email

Thank you for the clarification!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment