Security Policy: Difference between revisions

Security Policy (view source)

1,248 bytes removed , 23 March 2007

m

219

edits

@@ Line 13: / Line 13: @@
-== Mitigation of Other Attacks ==
-The NSS cryptographic module is designed to mitigate the following
-attacks.
-{| border="1" cellpadding="2"
-|+
-|-
-!
-Other Attacks
-!
-Mitigation Mechanism
-!
-Specific Limitations
-|-
-| Timing attacks on RSA
-|| '''RSA blinding'''
-Timing attack on RSA was first demonstrated by Paul Kocher in 1996[1], who contributed the mitigation code to our module. Most recently Boneh and Brumley[2] showed that RSA blinding is an effective defense against timing attacks on RSA.
-|| None.
-|-
-| Cache-timing attacks on the modular exponentiation operation used in RSA and DSA
-|| '''Cache invariant modular exponentiation'''
-This is a variant of a modular exponentiation implementation that Colin Percival[3] showed to defend against cache-timing attacks.
-|| This mechanism requires intimate knowledge of the cache line sizes of the processor. The mechanism may be ineffective when the module is running on a processor whose cache line sizes are unknown.
-|-
-| Arithmetical errors in RSA signatures
-|| '''Double-checking RSA signatures'''
-Arithmetical errors in RSA signatures might leak the private key. Ferguson and Schneier[4] recommend that every RSA signature generation should verify the signature just generated.
-|| None.
-|-
-|}
 == Results of FIPS 140-2 Level 2 Validation of NSS Cryptographic Module 3.11.5 ==