mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-03-22 06:38:37 -05:00
docs: Correct proven-primes side channel risk.
After reading Simon's wishlist write-up 'rsa-gen-side-channels'.
This commit is contained in:
parent
660b8047cb
commit
7843b428ad
@ -177,12 +177,14 @@ are prime, because it generates the output number together with a
|
|||||||
proof of its primality. This takes more effort, but it eliminates that
|
proof of its primality. This takes more effort, but it eliminates that
|
||||||
theoretical risk in the probabilistic method.
|
theoretical risk in the probabilistic method.
|
||||||
|
|
||||||
There in one way in which PuTTYgen's proven-primes method is not
|
There in one way in which PuTTYgen's \q{proven primes} method is not
|
||||||
strictly better than its probable-primes method. If you use PuTTYgen
|
strictly better than its \q{probable primes} method. If you use
|
||||||
to generate RSA or DSA keys on a computer that is potentially
|
PuTTYgen to generate an RSA key on a computer that is potentially
|
||||||
susceptible to timing- or cache-based \i{side-channel attacks}, such
|
susceptible to timing- or cache-based \i{side-channel attacks}, such
|
||||||
as a shared computer, the \q{probable primes} method is designed to
|
as a shared computer, the \q{probable primes} method is designed to
|
||||||
resist such attacks, whereas the \q{proven primes} methods are not.
|
resist such attacks, whereas the \q{proven primes} methods are not.
|
||||||
|
(This is only a concern for RSA keys; for other key types, primes
|
||||||
|
are either not secret or not involved.)
|
||||||
|
|
||||||
You might choose to switch from probable to proven primes if you have
|
You might choose to switch from probable to proven primes if you have
|
||||||
a local security standard that demands it, or if you don't trust the
|
a local security standard that demands it, or if you don't trust the
|
||||||