nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-04-10 15:48:06 -05:00
Code Issues Projects Releases Wiki Activity

Note side-channel resistance of probable primes.

Browse Source 
This came in around d8fda3b6da.
This commit is contained in:
Jacob Nevins 2022-01-11 23:57:20 +00:00
parent f0162af6a5
commit 39d1515ea6
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
doc/pubkey.but
View File

@ -177,6 +177,13 @@ are prime, because it generates the output number together with a
proof of its primality. This takes more effort, but it eliminates that
theoretical risk in the probabilistic method.
There in one way in which PuTTYgen's proven-primes method is not
strictly better than its probable-primes method. If you use PuTTYgen
to generate RSA or DSA keys on a computer that is potentially
susceptible to timing- or cache-based \i{side-channel attacks}, such
as a shared computer, the \q{probable primes} method is designed to
resist such attacks, whereas the \q{proven primes} methods are not.
You might choose to switch from probable to proven primes if you have
a local security standard that demands it, or if you don't trust the
probabilistic argument for the safety of the usual method.
@ -389,8 +396,8 @@ These options only affect PPK version 3.
\dt Key derivation function
\dd The variant of the \i{Argon2} key derivation function to use.
You might change this if you consider your exposure to side-channel
attacks to be different to the norm.
You might change this if you consider your exposure to \i{side-channel
attacks} to be different to the norm.
\dt Memory to use for passphrase hash