| Line 183: | Line 183: | ||
attacks: | attacks: | ||
*timing attacks on RSA; | *timing attacks on RSA; | ||
*cache-timing attacks on the modular exponentiation operation used in RSA and DSA. | *cache-timing attacks on the modular exponentiation operation used in RSA and DSA; | ||
*arithmetical errors in RSA signatures. | |||
The NSS software cryptographic module implements the following security | The NSS software cryptographic module implements the following security | ||
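Review bot: the new attack bullet "arithmetical errors in RSA signatures" names a symptom rather than a threat, unlike the two bullets above it, which each say what is attacked (timing, cache timing of modular exponentiation); it should state the mechanism the defense below is meant to counter, for example "arithmetical errors during RSA signature generation, which can expose the private key", so the attack list and the defense list in the next hunk correspond item for item.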
| Line 189: | Line 190: | ||
*RSA blinding: most recently Boneh and Brumley[1] showed that RSA blinding is an effective defense against timing attacks on RSA. | *RSA blinding: most recently Boneh and Brumley[1] showed that RSA blinding is an effective defense against timing attacks on RSA. | ||
*Cache invariant modular exponentiation: this is a variant of a modular exponentiation implementation that Colin Percival[2] showed to defend against cache-timing attacks. | *Cache invariant modular exponentiation: this is a variant of a modular exponentiation implementation that Colin Percival[2] showed to defend against cache-timing attacks. | ||
*Doublechecking RSA signatures: Arithmetical errors in RSA signatures might leak the private key. Ferguson and Schneier[3] recommend that every RSA signature generation should verify the signature just generated. RSA signature verification is relatively fast and is likely to catch arithmetical errors in signatures. | |||
== Results of FIPS 140-2 Level 2 Maintenance Validation of NSS 3.11.5 == | == Results of FIPS 140-2 Level 2 Maintenance Validation of NSS 3.11.5 == | ||
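Review bot: the new "Doublechecking RSA signatures" bullet says signature generation "should verify the signature just generated" but does not say what happens when that verification fails; since it is the release of a faulty signature that would leak the private key, the text should state the fail-closed behaviour (the faulty signature is discarded and signing reports an error rather than returning it). Two smaller points: "Doublechecking" should read "Double-checking", and the new citation [3] needs a corresponding entry wherever [1] and [2] are resolved.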