22a68878e4
Implement optional constant-time decryption flow to hinder Bleichenbacher-like attacks against RSA- and ElGamal public-key encrypted session keys. Changes: - Add `config.constantTimePKCS1Decryption` to enable the constant-time processing (defaults to `false`). The constant-time option is off by default since it has measurable performance impact on message decryption, and it is only helpful in specific application scenarios (more info below). - Add `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms` (defaults to the AES algorithms). The set of supported ciphers is restricted by default since the number of algorithms negatively affects performance. Bleichenbacher-like attacks are of concern for applications where both of the following conditions are met: 1. new/incoming messages are automatically decrypted (without user interaction); 2. an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely). |
||
|---|---|---|
| .. | ||
| benchmarks | ||
| crypto | ||
| general | ||
| security | ||
| typescript | ||
| worker | ||
| karma.conf.js | ||
| unittests.html | ||
| unittests.js | ||