Hi Simon--
On 03/17/2011 04:45 AM, Simon Josefsson wrote:
> Don't forget to add RSA blinding, otherwise it may be vulnerable in the real world. I wish Nettle supported this natively, RSA is not generally safe without it.
Thanks for this suggestion -- i'm not sure that the perl bindings are the right place to do this, though. Do other Nettle language bindings handle RSA blinding? I'd rather have the perl bindings stay fairly close to the underlying C library.
My understanding is that RSA blinding is a countermeasure against timing attacks, and that it introduces a new dependency on some sort of RNG (though perhaps a weak one?) to parts of the process that wouldn't otherwise need it. I'd certainly prefer to have that handled within the lower-level library if possible, though i wouldn't mind creating and handing in a yarrow context for each of these operations.
--dkg
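The blinding countermeasure discussed in this thread, as an added worked example in Python (not code from the original message, from Nettle, or from the Perl bindings). It uses a constructed toy RSA key (p = 61, q = 53, far too small for any real use) so the arithmetic is easy to follow, and it shows why the private operation needs a random value: the private exponent is applied to m * r^e instead of m, and the result is unblinded by multiplying with r^-1, giving exactly the same signature as the unblinded computation. The helper names are mine.

```python
import secrets
from math import gcd

# Constructed toy RSA parameters, chosen for readability only.  A real
# deployment gets its key from a library such as Nettle, never from here.
P, Q = 61, 53
N = P * Q                 # 3233
E = 17
PHI = (P - 1) * (Q - 1)   # 3120
D = pow(E, -1, PHI)       # 2753, the private exponent


def sign_plain(m, d=D, n=N):
    """Textbook RSA private operation: s = m^d mod n.

    The modular exponentiation runs directly on the caller-chosen input m,
    which is what a timing attack on an unprotected implementation exploits.
    """
    return pow(m, d, n)


def random_blinding_factor(n, rng=secrets.randbelow):
    """Pick r in [2, n-1] with gcd(r, n) == 1 so that r is invertible mod n.

    The factor must be unpredictable to an attacker; the default draws from
    the OS CSPRNG via the secrets module.
    """
    while True:
        r = rng(n - 2) + 2
        if gcd(r, n) == 1:
            return r


def sign_blinded(m, d=D, e=E, n=N, r=None):
    """RSA private operation with blinding.

    1. m' = m * r^e mod n      blind the input with a fresh random r
    2. s' = m'^d mod n         the private exponent only ever sees m'
    3. s  = s' * r^-1 mod n    unblind: (m r^e)^d = m^d * r^(ed) = m^d * r

    Because r^(e*d) == r (mod n), step 3 cancels r and the output equals
    sign_plain(m).  An explicit r may be passed for deterministic tests.
    """
    if r is None:
        r = random_blinding_factor(n)
    r_inv = pow(r, -1, n)
    m_blinded = (m * pow(r, e, n)) % n
    s_blinded = pow(m_blinded, d, n)
    return (s_blinded * r_inv) % n


def verify(m, s, e=E, n=N):
    """Public operation: check s^e == m (mod n)."""
    return pow(s, e, n) == m % n


if __name__ == "__main__":
    msg = 65
    s1 = sign_plain(msg)
    s2 = sign_blinded(msg)
    print("plain  :", s1)
    print("blinded:", s2, "(same signature, different intermediate values)")
    print("verifies:", verify(msg, s2))
```

Each private operation draws a new r, so the exponentiation's input is different and unknown to an observer every time even when the same message is signed repeatedly; that is the dependency on a random source that the message above describes, and it is why the factor has to come from a CSPRNG rather than a predictable one.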