weakness in the signature algorithms on non-accelerated hardware in the cryptographic library

jose luu
Associate III
Posted on August 25, 2017 at 20:14

Hi all,

The signature algorithms (DSA or ECDSA) all require a random number. If this random number can be guessed, the signature becomes weak and the private key can be recovered (cf. the Sony PS3 signature affair).

It seems that this random number cannot be set at signature time (functions RSA_PKCS1v15_Sign or ECDSAsign) and the security in non-hardware-RNG mode likely relies on the pseudo-random generator and on its initialization (as this is usually difficult to get properly done).

It would be a nice improvement to the library to add this capability via an extra argument, as one could use a value like HMAC(message, priv_key), as is done in ED25519 and in some systems.

Does anyone have experience with the quality of the signatures in the different modes (hardware and firmware RNG)?

Thanks

Jose

Posted on August 25, 2017 at 20:50

I don't understand the lack of source, most of this is entirely lifted from public domain sources, or derivatives thereof.
