I see this issue still hasn't been triaged. Maintainers, any plans of fixing this issue? @J08nY do you have any plans on opening a PR here like you did for the other libraries you disclosed the vulnerability to? That might help push this forward if you are not too busy :)
This library is very likely vulnerable to a timing attack on ECDSA signature generation which is described at:
https://minerva.crocs.fi.muni.cz
The ECDSA signing functions call the ECPointFp multiply method at:
https://github.com/kjur/jsrsasign/blob/master/src/ecdsa-modified-1.0.js#L214
https://github.com/kjur/jsrsasign/blob/master/src/ecdsa-modified-1.0.js#L231
This method uses a binary NAF method of multiplication, which leaks the bit-length of the scalar via timing, among other info. This is directly exploitable by the above attack.
https://github.com/kjur/jsrsasign/blob/master/ext/ec.js#L185
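The leak the report describes, shown as an added example that is not jsrsasign's code: a binary NAF scalar multiplication next to a fixed-length ladder, both run over an instrumented group so the number of doublings and additions (what a timing channel observes) can be compared. The additive group modulo a constructed `N` stands in for the curve group, and `g`, `N` and the scalars are constructed values.

```javascript
// Toy stand-in for the curve group: integers mod N under addition (constructed).
// "dbl" and "add" are the group operations whose count a timing channel exposes.
const N = 1009n;

function makeGroup() {
  const ops = { dbl: 0, add: 0 };
  return {
    ops,
    dbl: (p) => { ops.dbl++; return (2n * p) % N; },
    add: (p, q) => { ops.add++; return (p + q) % N; },
    neg: (p) => (N - p) % N,
  };
}

// Non-adjacent form of k: digits in {-1, 0, 1}, least significant first.
function naf(k) {
  const digits = [];
  while (k > 0n) {
    let d = 0n;
    if (k & 1n) { d = 2n - (k % 4n); k -= d; } // d = 1 if k%4==1, -1 if k%4==3
    digits.push(d);
    k >>= 1n;
  }
  return digits;
}

// Binary NAF multiply, the pattern the issue points at: the loop runs once per
// NAF digit (about the scalar's bit-length) and adds only on non-zero digits,
// so the operation count depends on the secret scalar.
function mulNaf(G, k, g) {
  const d = naf(k);
  let r = 0n;
  for (let i = d.length - 1; i >= 0; i--) {
    r = G.dbl(r);
    if (d[i] === 1n) r = G.add(r, g);
    else if (d[i] === -1n) r = G.add(r, G.neg(g));
  }
  return r;
}

// Montgomery ladder over a fixed number of bits (the group order's length):
// exactly one dbl and one add per iteration whatever k is. Real code would also
// replace this branch with a constant-time conditional swap.
function mulLadder(G, k, g, bits) {
  let r0 = 0n, r1 = g;
  for (let i = bits - 1; i >= 0; i--) {
    if ((k >> BigInt(i)) & 1n) { r0 = G.add(r0, r1); r1 = G.dbl(r1); }
    else { r1 = G.add(r0, r1); r0 = G.dbl(r0); }
  }
  return r0;
}

// Runs both methods on scalar k and returns their results and operation counts.
function opCounts(k, bits) {
  const g = 7n, n = makeGroup(), l = makeGroup();
  const rn = mulNaf(n, k, g), rl = mulLadder(l, k, g, bits);
  return { naf: { ...n.ops, result: rn }, ladder: { ...l.ops, result: rl } };
}
```

Comparing `opCounts(1n, 10)` with `opCounts(1000n, 10)` shows the NAF counts moving with the scalar while the ladder performs 10 doublings and 10 additions in both cases.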