On Wednesday, 25 October 2017 at 22:46:27 UTC, Adam Wilson wrote:
On 10/25/17 11:23, H. S. Teoh wrote:
On Wed, Oct 25, 2017 at 08:17:21AM -0600, Jonathan M Davis via
Digitalmars-d wrote:
[...]
[...]
Yeah. There have been timing attacks against otherwise-secure
crypto
algorithms that allow extraction of the decryption key. And
other
side-channel attacks along the lines of CRIME or BREACH. Even
CPU
instruction timing attacks have been discovered that can leak
which path
a branch in a crypto algorithm took, which in turn can reveal
information about the decryption key. And voltage variations
to deduce
which bit(s) are 1's and which are 0's. Many of these remain
theoretical attacks, but the point is that these weaknesses
can come
from things you wouldn't even know existed in your code.
Crypto code
must be subject to a LOT of scrutiny before it can be trusted.
And not
just cursory scrutiny like we do with the PR queue on github;
we're
talking about possibly instruction-by-instruction scrutiny of
the kind
that can discover vulnerabilities to timing or voltage.
I would not be comfortable entrusting any important data to D
crypto
algorithms if they have not been thoroughly reviewed.
T
I am one-hundred-ten percent in agreement with Mr. Teoh here.
Even .NET Framework and Core forward to the highly vetted
system crypto API's (SChannel on Windows and OpenSSL on
Linux/macOS). If you need RSA crypto in D, pull in OpenSSL.
Period. Everything else is a good way to run afoul of a
security audit, and potentially expose yourself.
Phobos could forward to these system provided API's like .NET
does and provide an idiomatic D interface, but Phobos itself
should absolutely and 110% stay out of the crypto
implementation business.
I think you made a very good point, it was also mentioned by
someone else in this thread. Phobos could provide a crypto
interface with implementions for SChannel, mbedtls, openssl.
On Windows SChannel would be used as default implementation and
on the other operation systems either openssl or mbedtls.
This would be very convenient and we would avoid opening the
Pandora box.
I will close my issue and create a new one with the request for a
crypto interface in Phobos.
Kind regards
Andre
