From 4d43f2ed0ec5a408d585e2f4097b8fad894a0dae Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 1 Sep 2023 16:22:25 +0100 Subject: [PATCH] Add Everest to threat model Signed-off-by: Janos Follath --- SECURITY.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 61e39361a..7ed72de92 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -135,3 +135,12 @@ Guide](docs/architecture/alternative-implementations.md) for more information. - Use cryptographic mechanisms that are not based on block ciphers. In particular, for authenticated encryption, use ChaCha20/Poly1305 instead of block cipher modes. For random generation, use HMAC\_DRBG instead of CTR\_DRBG. + +#### Everest + +The HACL* implementation of X25519 taken from the Everest project only protects +against remote timing attacks. (See their [Security +Policy](https://github.com/hacl-star/hacl-star/blob/main/SECURITY.md).) + +The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` +configuration option is defined. This option is off by default.
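Review bot: The new "Everest" paragraph leaves the reader to infer which attack classes are excluded: stating "only protects against remote timing attacks" without naming what that leaves out (local timing and other microarchitectural side channels, which the rest of SECURITY.md treats separately) makes the threat-model boundary ambiguous; consider adding a sentence that explicitly lists the attacks the HACL* X25519 code is not hardened against, so readers of this section do not have to consult the linked HACL* policy to learn what they are giving up when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` is set. Two smaller points in the same hunk: the sentence "The Everest variant is only used when `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` configuration option is defined" is missing the article ("when the ... configuration option is defined"), and since the file already escapes underscores as in `HMAC\_DRBG`, writing `HACL\*` would keep the bare asterisk from being interpreted as Markdown emphasis in some renderers. The link to the HACL* security policy points at the `main` branch, so its content can change under this document; pinning it to a commit would keep the referenced policy stable.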