
Removing "90s"? (kyber issue, 5 comments, closed)

adamierymenko commented on June 7, 2024:

Removing "90s"?

Comments (5)

mberry commented on June 7, 2024:

> The vulnerable code was released in January 2011, so it took well over a decade for this vulnerability to be found. It appears to be difficult to find vulnerabilities in cryptographic implementations, even though they play a critical role in the overall security of a system.

Prudence suggests it's best to leave our 90s feature as a quick and easy drop-in for any surprises with SHA3.

https://mouha.be/sha-3-buffer-overflow/

Unless there is any more discussion I'll close this issue one month from now.


mberry commented on June 7, 2024:

Thanks for the update.

For now, happy to leave it; it's feature-gated code, so it doesn't impact anyone not using it. The HW advantages might benefit someone out there.

Given the recent CVE in the official SHA-3 implementation, I'd err on the side of keeping it in there as an alternative.

Guess I'll have to read up on the patent matter; I was under the impression that was resolved a while ago?


bwesterb commented on June 7, 2024:

> Given the recent CVE in the official SHA-3 implementation

This did not affect Kyber's SHA-3 implementation. I'm pretty confident that SHA-3 is easier to implement correctly and safely than the 90s mode.


mberry commented on June 7, 2024:

Sure, but the fact that such a simple exploit existed in XKCP for so many years after standardisation is fair reason for general caution, and for keeping 90's mode as an alternative that is widely implemented even on the most low-end devices and can be quickly switched out with nothing more than a cargo feature flag if needed.

SHA3 hardware acceleration is the ideal outcome for everyone, yet a slow, ongoing process.

This library will aim to maintain 90's mode as specified in round 3 unless there is a security issue from doing so, or overwhelming performance regressions compared to using Keccak on most hardware.


mberry commented on June 7, 2024:

Alright, so a bit late to do it, but this is getting closed. Yet to see any coherent arguments against keeping it; if there are implementation flaws in the 90s code or an underlying issue, please contact via security.md.

Everyone should be aware there are benefits and drawbacks of using 90's mode in this repo depending on platform.

SHAKE and SHA3 (i.e. not 90s mode) are the default and recommended for basically all use-cases; we have a benchmarking suite for you to easily compare the two on your hardware.
