delta/python-packages/pycrypto.git, branch master github.com: dlitz/pycrypto.git README: Convert to Markdown and add end-of-life notice 2022-01-25T07:00:07+00:00 Darsey Litzenberger dlitz@dlitz.net 2022-01-25T06:57:52+00:00 65b43bd4ffe2a48bdedae986b1a291f5a2cc7df7 






Doc/pycrypt.rst: reStructuredText formatting fixes
2022-01-25T07:00:07+00:00

Darsey Litzenberger
dlitz@dlitz.net

2022-01-25T06:29:04+00:00

c2ebfaca998691bc4386f237cde351e926ca3cdb












LEGAL: Add old revisions of CodeSubmissionRequirements archived from www.dlitz.net
2022-01-25T07:00:06+00:00

Darsey Litzenberger
dlitz@dlitz.net

2022-01-25T05:40:09+00:00

d5782d87af27db8cc5776a3f476c11f8bb6e41a3












Name change + .mailmap
2022-01-25T06:48:14+00:00

Darsey Litzenberger
dlitz@dlitz.net

2022-01-25T05:14:47+00:00

9b0a52449b4b4e0afb691f6206e4b59b534965d5












tools/create-pythons.sh: Set CONCURRENCY_LEVEL automatically
2022-01-23T03:53:27+00:00

Darsey Litzenberger
dlitz@dlitz.net

2022-01-23T03:53:27+00:00

4d75f91e18799a99bbd476b345c558d3ec457762












Increase attempts for recovering RSA (p,q) from (n,e,d)
2014-06-23T07:12:24+00:00

Wouter Bolsterlee
uws@xs4all.nl

2014-06-20T20:07:46+00:00

7acba5f3a6ff10f1424c309d0d34d2b713233019

Bump the maximum number of iterations to recover (p,q) given (n,e,d) to
increase the chance that the algorithm succeeds. The algorithm used is a
probabilistic one with a 1/2 chance of finding the right value in each
iteration, so it's likely that only a few iterations are needed.

However, in some extreme cases this may still fail. Bumping the maximum
number allow the algorithm to correctly find the right values for these
cases. This changes bumps the number of iterations from 50 to 500 (the
value 'a' is increased by 2 in each step), and hence reduces the chance
of failure from 2**-50 to 2**-500.

Note that this change does *not* result in a performance degradation.





Bump the maximum number of iterations to recover (p,q) given (n,e,d) to
increase the chance that the algorithm succeeds. The algorithm used is a
probabilistic one with a 1/2 chance of finding the right value in each
iteration, so it's likely that only a few iterations are needed.

However, in some extreme cases this may still fail. Bumping the maximum
number allow the algorithm to correctly find the right values for these
cases. This changes bumps the number of iterations from 50 to 500 (the
value 'a' is increased by 2 in each step), and hence reduces the chance
of failure from 2**-50 to 2**-500.

Note that this change does *not* result in a performance degradation.







Realign V tables dynamically
2014-06-23T06:47:53+00:00

Legrandin
helderijs@gmail.com

2014-05-13T06:19:55+00:00

13fcb9e63892f18de043e8308bc645ae5baf4aa4












Make Cipher.galois module private
2014-06-23T06:47:53+00:00

Legrandin
helderijs@gmail.com

2014-04-26T07:10:19+00:00

9e2b6af8c34efba80d141490b48b82a3c2185ae5












Update configure script from configure.ac
2014-06-23T06:47:49+00:00

Dwayne Litzenberger
dlitz@dlitz.net

2014-06-23T06:47:49+00:00

fc266f4ae9138022df4808e19c579c8a5c60f24b












Make GHASH more robust against timing attacks.
2014-06-23T06:38:31+00:00

Legrandin
helderijs@gmail.com

2014-03-23T17:46:55+00:00

947b554d85012cf35185ded38ef3484de010d2cf

In order to speed up as much as possible the GHASH,
the current implementation expands the 16 byte hash key
(H) into a table of 64 KBytes. However, that is sensitive
to cache-based timing attacks.

If we assume that access to data inside the same cache line
is constant-time (likely), fitting a table item into a cache
line may help against the attacks.

This patch reduce the pre-computed table from 64K to 4K
and aligns every item to a 32 byte boundary (since most modern
CPUs have cache line of that size or larger).

This patch will reduce the overall performance.

This patch also reverts commit 965871a727 ("GCM mode:
Optimize key setup for GCM mode") since I actually
got conflicting benchmark results.





In order to speed up as much as possible the GHASH,
the current implementation expands the 16 byte hash key
(H) into a table of 64 KBytes. However, that is sensitive
to cache-based timing attacks.

If we assume that access to data inside the same cache line
is constant-time (likely), fitting a table item into a cache
line may help against the attacks.

This patch reduce the pre-computed table from 64K to 4K
and aligns every item to a 32 byte boundary (since most modern
CPUs have cache line of that size or larger).

This patch will reduce the overall performance.

This patch also reverts commit 965871a727 ("GCM mode:
Optimize key setup for GCM mode") since I actually
got conflicting benchmark results.