^{CVE-2020-25659:}Timing Attack Vulnerability in python-cryptography 3.2 RSA Decryption API

Overview

This vulnerability (CVE-2020-25659) affects the python-cryptography library version 3.2. The issue is related to the RSA decryption implementation that processes PKCS#1 v1.5 padding. Bleichenbacher timing attacks exploit the fact that valid and invalid ciphertexts may take different amounts of time to process, creating a side-channel that can be used to gradually extract information about the private key. This type of attack is particularly concerning for applications that use RSA encryption for sensitive operations, as it can lead to complete key compromise without direct access to the system.

Remediation

To address this vulnerability, users should:

1. Update to a patched version of python-cryptography (versions after 3.2).
2. If immediate updating is not possible, consider implementing additional countermeasures such as:
   • Adding random delays to cryptographic operations to mask timing differences
   • Using constant-time implementations for cryptographic operations where available
   • Limiting the number of decryption operations that can be performed with the same key
3. Review applications that use RSA decryption to ensure they're not vulnerable to timing analysis.
4. Consider migrating to more modern padding schemes like OAEP (Optimal Asymmetric Encryption Padding) which are designed to be resistant to these types of attacks.

References

1. Patch commit: https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b
2. Oracle Critical Patch Update Advisory - April 2022: https://www.oracle.com/security-alerts/cpuapr2022.html
3. Oracle Critical Patch Update Advisory - July 2022: https://www.oracle.com/security-alerts/cpujul2022.html
4. For more information on Bleichenbacher attacks: "Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1" by Daniel Bleichenbacher