[Botan-announce] 1.8.10 - AES timing attack countermeasures, changes to private key encryption
lloyd at randombit.net
Tue Aug 31 13:04:59 EDT 2010
I've released botan 1.8.10, available here:
This is a fairly minor release. The most notable changes are
- AES now uses a smaller table in the first round, this helps
avoid/make more difficult certain forms of cache analysis attacks.
(Though it's very likely any table-based AES implementation is
vulnerable to such attacks; if you are worried about them consider
using the constant time SSSE3 version of AES added in 1.9.10).
- Private keys are now encrypted with AES-256 instead of 3DES. In
addition the default iteration count used for encrypting new keys
defaults to 10000 (rather than 2048).
- A new PBKDF interface that takes, along with the passphrase and
desired output length, the salt and iteration count to use.
In 1.9, the older version that only takes the passphrase and output
length, and assumes you set a salt and iteration count earlier, has
been removed. (That version remains in 1.8).
- In 1.9, the class S2K was renamed PBKDF because S2K caused some
confusion, and PBKDF is the more conventional name for this type of
algorithm (and is also easier to google for). A typedef of PBKDF to
S2K is used there for backwards compatibility, but in this release
there is also a forwards compatibility typedef of S2K to PBKDF,
along with a function get_pbkdf so you can start using the name now.
Finally, if you haven't already, fill out the survey! It will take
just a few minutes and it lets me know what needs fixing. Even
if the answer is 'Nothing you damn fool quit changing stuff'. Maybe
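An added example (my code, not Botan's): the PBKDF2 derivation that the new PBKDF interface exposes, written in plain Python so it runs without the library. It takes the same four inputs the 1.8.10 interface takes explicitly (passphrase, salt, iteration count, desired output length) and derives the 32-byte key an AES-256 private-key wrapping would need, first at the old 2048-iteration default and then at the new 10000. The PRF (HMAC-SHA-1), the function names and the constructed passphrase and salt are my assumptions; the announcement does not say which PRF Botan uses for key encryption.

```python
import hashlib
import hmac
import struct

# Added example, not Botan's code. Plain PBKDF2 (RFC 2898, section 5.2)
# built from HMAC, taking every parameter explicitly as the new 1.8.10
# PBKDF interface does, instead of relying on state set earlier.


def pbkdf2(hash_name: str, passphrase: bytes, salt: bytes,
           iterations: int, out_len: int) -> bytes:
    """Derive out_len bytes from passphrase and salt.

    Each output block costs `iterations` HMAC calls, so raising the count
    raises the attacker's cost per guessed passphrase by the same factor.
    """
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    if not salt:
        # an empty salt makes precomputed tables reusable across users
        raise ValueError("refusing to derive with an empty salt")

    def prf(data: bytes) -> bytes:
        return hmac.new(passphrase, data, hash_name).digest()

    out = bytearray()
    block_index = 1  # RFC 2898 numbers output blocks from 1
    while len(out) < out_len:
        u = prf(salt + struct.pack(">I", block_index))
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = prf(u)
            t = bytearray(a ^ b for a, b in zip(t, u))
        out.extend(t)
        block_index += 1
    return bytes(out[:out_len])


def private_key_wrapping_key(passphrase: bytes, salt: bytes,
                             iterations: int = 10000) -> bytes:
    """32-byte key for AES-256, the cipher 1.8.10 now uses for private keys.

    HMAC-SHA-1 as the PRF is an assumption; the release notes do not name it.
    """
    return pbkdf2("sha1", passphrase, salt, iterations, 32)


def agrees_with_stdlib(passphrase: bytes, salt: bytes,
                       iterations: int, out_len: int) -> bool:
    """Cross-check the hand-written derivation against hashlib."""
    expected = hashlib.pbkdf2_hmac("sha1", passphrase, salt,
                                   iterations, out_len)
    return pbkdf2("sha1", passphrase, salt, iterations, out_len) == expected


if __name__ == "__main__":
    # constructed sample input, not taken from any real key file
    passphrase = b"correct horse battery staple"
    salt = bytes(range(16))
    old_key = private_key_wrapping_key(passphrase, salt, iterations=2048)
    new_key = private_key_wrapping_key(passphrase, salt, iterations=10000)
    print("2048 iterations: ", old_key.hex())
    print("10000 iterations:", new_key.hex())
    print("matches hashlib:", agrees_with_stdlib(passphrase, salt, 10000, 32))
```

The two keys differ because the iteration count is part of the derivation, which is why a stored key must record the count and salt it was encrypted with; a caller of the old interface that set them "earlier" could silently derive a different key if that state was changed between calls.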