Mark use of PKCS1v15 for encryption and decryption a vulnerability
#1071
Labels
enhancement
New feature or request
Comments
|
Same thing applies to python-rsa package: sybrenstuvel/python-rsa#230 but then, use of any private keys with it is insecure: https://github.com/sybrenstuvel/python-rsa#security not just PKCS#1 v1.5 decryption |
|
Same thing applies to the M2Crypto library: https://gitlab.com/m2crypto/m2crypto/-/issues/342 |
|
The M2Crypto issue has been assigned CVE-2023-50781, the pyca/cryptography issue has been assigned CVE-2023-50782 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
While
pyca/cryptographyis generally a high quality wrapper around OpenSSL, because of peculiarities of Python it is impossible to handle PKCS#1 v1.5 decryption failures in side channel free manner. As such, all usages of it will leak information useful in mounting the Bleichenbacher/Marvin attack: pyca/cryptography#9785Describe the solution you'd like
Any use of the
cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15for decryption (or encryption) should be marked as vulnerabilities.Describe alternatives you've considered
it's impossible to handle exceptions in Python in side-channel free manner
the PKCS#1 v1.5 is known to be insecure for over 25 years at this point, it's high time to stop use of it
the alternative is to use RSA-OAEP encryption
Additional context
https://people.redhat.com/~hkario/marvin/
Love this idea? Give it a 👍. We prioritize fulfilling features with the most 👍.
The text was updated successfully, but these errors were encountered: