mirror of
https://github.com/henrydcase/pqc.git
synced 2024-11-22 07:35:38 +00:00
Document security issues (#236)
It seems wise to include _some_ form of guidance on what we know about problems with certain (versions of) implementations. [ci skip]
This commit is contained in:
parent
dd11ffc241
commit
07543ba929
29
SECURITY.md
29
SECURITY.md
@ -9,4 +9,33 @@ We recommend careful expert code review before using any of the included impleme
|
||||
|
||||
See also the [NIST PQC Forum][forum] for discussion about the cryptographic schemes included in PQClean.
|
||||
|
||||
## Current and past security issues
|
||||
|
||||
We will attempt to document security vulnerabilities made known to us on a best-effort basis.
|
||||
If an issue is marked with a date, the issue has been resolved since any commits made after that date.
|
||||
|
||||
Again, we emphasise that the code in this repository has not seen any formal analysis or audit!
|
||||
Use at your own risk.
|
||||
|
||||
### Open issues
|
||||
* LEDAcryptKEM `leaktime` implementations are known to not be constant-time and expected to have timing side channel vulnerabilities.
|
||||
|
||||
<!-- new date line
|
||||
### 2019-XX-XX
|
||||
-->
|
||||
|
||||
### 2019-09-24
|
||||
* All Falcon implementations before [PR #235][PR 235] got merged were insecure. See [EPRINT report 2019/893][2019/893].
|
||||
|
||||
### 2019-09-10
|
||||
* The included incremental `sha512` implementation was calling `crypto_hashblocks_sha256` before 2019-9-10.
|
||||
This lead to an insufficient security level of the results of this hash function.
|
||||
The function was not used in any implementations, though.
|
||||
See [PR #232][PR 232].
|
||||
|
||||
|
||||
[2019/893]: https://eprint.iacr.org/2019/893
|
||||
[forum]: https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Email-List
|
||||
|
||||
[PR 232]: https://github.com/PQClean/PQClean/pull/232
|
||||
[PR 235]: https://github.com/PQClean/PQClean/pull/235
|
||||
|
Loading…
Reference in New Issue
Block a user