[Bug 2101458] Review Request: starkbank-ecdsa - A lightweight and fast pure Python ECDSA library

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=2101458



--- Comment #17 from Clemens Lang <cllang@xxxxxxxxxx> ---
I would like to recommend testing this implementation for the Minerva timing
attack, though, especially considering that the author of python-ecdsa and the
person doing a lot of the recent research around this attack considers
pure-python implementation without a timing side channel impossible:
https://github.com/tlsfuzzer/python-ecdsa/issues/330#issuecomment-1941498889
and
https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/.


-- 
You are receiving this mail because:
You are always notified about changes to this product and component
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2101458

Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202101458%23c17

-- 
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux