Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Marvin Attack: potential key recovery through timing sidechannels #197

Open
sebadob opened this issue Dec 1, 2023 · 1 comment
Open
Labels
dependencies Pull requests that update a dependency file invalid This doesn't seem right

Comments

@sebadob
Copy link
Owner

sebadob commented Dec 1, 2023

The Rust rsa crate has been found vulnerable in some form to the Marvin Attack.
The maintainers are actively working on a fix for this in RSA/394 .

As soon as this fix is in place, Rauthy will be updated with the new version to mitigate this attack.
A change to something like boring will not be done, because I want to stay pure Rust as much as possible and the compilation to musl targets should not be broken (which would happen with C bindings like boring).

@sebadob
Copy link
Owner Author

sebadob commented Dec 15, 2023

Update:

The changes on the pure rust rsa crate seem to be quite a bit bigger.
This is not a big problem though, it only "looks ugly" to have this issue here.

The rsa crate is used by Rauthy for issuing and verifying RSA signed tokens, which do exist for compatibility only, while the default is EdDSA.
The crate is vulnerable to constant timing attacks with a medium severity. This could potentially leak information about the private key, if RSA operations are observable over the network.

This does not apply to Rauthy!

To take advantage of this issue, an attacker would need to observe the RSA operations while signing tokens, which is not possible, because this is done internally only.
The main target of this attack would be an RSA Key Exchange for instance.

This is the CVE for this vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2023-49092

@sebadob sebadob added the dependencies Pull requests that update a dependency file label Feb 8, 2024
@sebadob sebadob added the invalid This doesn't seem right label Dec 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file invalid This doesn't seem right
Projects
None yet
Development

No branches or pull requests

1 participant