- From: <bugzilla@jessica.w3.org>
- Date: Fri, 09 May 2014 15:44:53 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25431

--- Comment #4 from Mark Watson <watsonm@netflix.com> ---

Regarding the attack in the title of this bug, is it not a general issue that where several primitive operations are concatenated it is a problem if the error codes indicate at which stage the combined operation failed? Or, is it the case that RSAES with unwrap is the one example where there is a known attack (due to the particular weakness of RSAES padding) which can exploit this knowledge of which stage failed?

Wouldn't it be prudent to eliminate the distinction and just return a single error code in the case of any operation that can fail in multiple distinct ways?

Regarding the timing attack mentioned by Ryan, it seems it is a general quality-of-implementation issue to mitigate such attacks with constant-time implementations. And it seems to me this could apply to many other operations, although it may be the case - as above - that RSA-ES may be the one example where there is a well-known attack.
Received on Friday, 9 May 2014 15:44:59 UTC
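
The single-error-code idea raised in the comment above, as an added example that is not part of the original message or of any Web Crypto implementation: a two-stage unwrap (decrypt, then import as an AES key) written once so that the error reveals the failing stage and once so that every failure collapses into one error. The toy key, the function names and the error strings are all assumptions made for illustration, and the code only makes the error values uniform; it does nothing about timing.

```python
# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes (27)

class UnwrapError(Exception):
    """The single, detail-free failure reported for the whole unwrap."""

def rsa_encrypt_block(em: bytes) -> bytes:
    """Raw RSA on an already-encoded block (used to build the samples)."""
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")

def wrap(key: bytes) -> bytes:
    """RSAES-PKCS1-v1_5 style encoding; fixed padding keeps the sample reproducible."""
    pad = b"\xa5" * (K - 3 - len(key))
    return rsa_encrypt_block(b"\x00\x02" + pad + b"\x00" + key)

def _decrypt(ct: bytes) -> bytes:
    """Stage 1: RSA decrypt and strip the padding."""
    c = int.from_bytes(ct, "big")
    em = pow(c, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)  # separator after at least 8 padding bytes
    if len(ct) != K or c >= N or em[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("decrypt: bad padding or ciphertext")
    return em[sep + 1:]

def _import_aes(raw: bytes) -> bytes:
    """Stage 2: import the recovered bytes as a raw AES key."""
    if len(raw) not in (16, 24, 32):
        raise TypeError("import: bad key length")
    return raw

def unwrap_leaky(ct: bytes) -> bytes:
    # The exception type and text tell the caller which stage failed.
    return _import_aes(_decrypt(ct))

def unwrap_uniform(ct: bytes) -> bytes:
    try:
        return _import_aes(_decrypt(ct))
    except (ValueError, TypeError):
        raise UnwrapError("unwrap failed") from None

def failure_label(fn, ct: bytes) -> str:
    """What a caller can observe: 'ok' or the error's type and message."""
    try:
        fn(ct)
        return "ok"
    except Exception as exc:
        return f"{type(exc).__name__}: {exc}"
```
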