Merge pull request #1052 from yanesca/add_everest_to_threat_model

Add Everest to threat model
Janos Follath 2023-09-04 14:05:13 +01:00 committed by GitHub
commit 3574ec27fe
GPG key ID: 4AEE18F83AFDEB23


@ -135,3 +135,12 @@ Guide](docs/architecture/alternative-implementations.md) for more information.
- Use cryptographic mechanisms that are not based on block ciphers. In
particular, for authenticated encryption, use ChaCha20/Poly1305 instead of
block cipher modes. For random generation, use HMAC\_DRBG instead of CTR\_DRBG.
#### Everest
The HACL* implementation of X25519 taken from the Everest project only protects
against remote timing attacks. (See their [Security
Policy](https://github.com/hacl-star/hacl-star/blob/main/SECURITY.md).)
The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED`
configuration option is defined. This option is off by default.
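Review bot: the new "Everest" paragraph has a grammar slip and leaves the scope implicit. "when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` configuration option is defined" needs an article: "when the `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` configuration option is defined". More substantively, "only protects against remote timing attacks" states what the HACL* X25519 code does cover but not what it does not; since this section of the threat model is where readers look for gaps, consider spelling out the consequence directly, e.g. "and therefore does not claim protection against the local side-channel categories described earlier in this document", so a user enabling the option understands which guarantees they give up.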