RSA PKCS#1 v1.5 encryption is a fairly old asymmetric encryption scheme, with a number of pitfalls in implementation and use, most notably the Bleichenbacher attack and the new variants of it that keep being published, the most recent being the Marvin attack.
In 1998 a superior replacement (RSA OAEP) was standardized in PKCS#1 v2.0, which has been recommended ever since.
The only place in Mbed TLS still using RSAv1 encryption is the non-forward-secure RSA key exchanges in TLS 1.2, which are already candidates for removal in 4.0.
The proposal here is to remove support for RSAv1 from PSA crypto as well. (We could just remove the built-in implementation and still allow people to add a driver for it if they're confident they can implement it and use it securely.)
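As an added worked example (written for this page; it is not code from Mbed TLS, PSA Crypto, or the issue author), the following pure-Python script shows what the Bleichenbacher attack named above actually needs from an implementation: nothing but a yes/no answer to "did PKCS#1 v1.5 decryption produce valid padding?". The key size (two seeded 125-bit primes), the message, and the `oracle` function standing in for a decrypting server are constructed assumptions for the demo; the padding format follows RFC 8017 section 7.2 and the interval arithmetic follows Bleichenbacher's 1998 paper.

```python
import random

E = 65537
RNG = random.Random(2024)  # fixed seed: the toy key and padding are constructed and reproducible
ceil_div = lambda a, b: -(-a // b)


def is_probable_prime(n, rounds=24):  # Miller-Rabin for odd n > 3; toy use only
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_toy_key():
    """Assumed toy size: two 125-bit primes give a 249/250-bit n (k = 32 bytes, n/B near 2^9)."""
    primes = []
    while len(primes) < 2:  # odd, top bit set, gcd(p - 1, E) == 1
        p = RNG.getrandbits(125) | (1 << 124) | 1
        if (p - 1) % E and is_probable_prime(p):
            primes.append(p)
    p, q = primes
    return p * q, E, pow(E, -1, (p - 1) * (q - 1))


def pkcs1v15_pad(msg, k):
    """EME-PKCS1-v1_5 (RFC 8017 s7.2.1): 00 02 || >= 8 nonzero random bytes || 00 || M."""
    ps = bytes(RNG.randrange(1, 256) for _ in range(k - 3 - len(msg)))  # needs len(msg) <= k - 11
    return b"\x00\x02" + ps + b"\x00" + msg


def pkcs1v15_unpad(em):
    """Returns M, or None on bad padding; a decryptor that lets a caller tell the two apart is the oracle."""
    if len(em) < 11 or em[0] != 0 or em[1] != 2:
        return None
    sep = em.find(b"\x00", 2)
    return None if sep < 10 else em[sep + 1:]  # sep < 10: no separator, or under 8 pad bytes


def bleichenbacher(c0, n, e, oracle):
    """Recovers m = c0^d mod n from 'padding valid?' answers; c0 must be conforming (no blinding)."""
    k = (n.bit_length() + 7) // 8
    B = 1 << (8 * (k - 2))                    # plaintexts starting 00 02 lie in [2B, 3B)
    queries = 0

    def conforming(s):
        nonlocal queries
        queries += 1
        return oracle(c0 * pow(s, e, n) % n)  # the victim decrypts (s*m)^e, never m itself

    M = [(2 * B, 3 * B - 1)]
    s = ceil_div(n, 3 * B)                    # step 2a: smallest conforming multiplier
    while not conforming(s):
        s += 1
    while True:
        new_M = []                            # step 3: narrow every interval using s
        for a, b in M:
            for r in range(ceil_div(a * s - 3 * B + 1, n), (b * s - 2 * B) // n + 1):
                lo, hi = max(a, ceil_div(2 * B + r * n, s)), min(b, (3 * B - 1 + r * n) // s)
                if lo <= hi:
                    new_M.append((lo, hi))
        M = new_M                             # sub-intervals for distinct r never overlap
        if len(M) == 1 and M[0][0] == M[0][1]:
            return M[0][0], queries           # step 4: one candidate left, and s0 = 1
        if len(M) > 1:                        # step 2b: several intervals, linear search
            s += 1
            while not conforming(s):
                s += 1
        else:                                 # step 2c: one interval, roughly halve it
            a, b = M[0]
            r = ceil_div(2 * (b * s - 2 * B), n)
            while True:
                cands = range(ceil_div(2 * B + r * n, b), (3 * B - 1 + r * n) // a + 1)
                s = next((c for c in cands if conforming(c)), None)
                if s is not None:
                    break
                r += 1


def run_attack(message=b"attack at dawn"):
    n, e, d = make_toy_key()
    k = (n.bit_length() + 7) // 8
    c0 = pow(int.from_bytes(pkcs1v15_pad(message, k), "big"), e, n)

    def oracle(c):  # stands in for a server that reveals whether decryption's padding was valid
        return pkcs1v15_unpad(pow(c, d, n).to_bytes(k, "big")) is not None

    m, queries = bleichenbacher(c0, n, e, oracle)
    return pkcs1v15_unpad(m.to_bytes(k, "big")), queries
```

`run_attack()` returns the recovered plaintext together with the number of oracle calls it took; with the toy key it finishes in seconds after thousands of queries. The decryptor never returns more than one bit per query, yet the full message comes out, which is why the issue treats PKCS#1 v1.5 decryption as unsafe to expose rather than as something to patch with better error handling (Marvin shows the same bit leaking through timing), and why OAEP is the recommended replacement.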