From fd29158067b646012860899473d7372e1dd3631d Mon Sep 17 00:00:00 2001 From: Hadrien Croubois Date: Tue, 1 Oct 2024 19:50:58 +0200 Subject: [PATCH] Add warning about low public key exponent (#5234) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Ernesto García Signed-off-by: Hadrien Croubois --- contracts/utils/cryptography/RSA.sol | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/contracts/utils/cryptography/RSA.sol b/contracts/utils/cryptography/RSA.sol index c8da4f96206..70c38fd15bb 100644 --- a/contracts/utils/cryptography/RSA.sol +++ b/contracts/utils/cryptography/RSA.sol @@ -36,8 +36,12 @@ library RSA { * 2048 bits. If you use a smaller key, consider replacing it with a larger, more secure, one. * * WARNING: This verification algorithm doesn't prevent replayability. If called multiple times with the same - * digest, public key and (valid signature), it will return true every time. Consider including an onchain nonce or - * unique identifier in the message to prevent replay attacks. + * digest, public key and (valid signature), it will return true every time. Consider including an onchain nonce + * or unique identifier in the message to prevent replay attacks. + * + * WARNING: This verification algorithm supports any exponent. NIST recommends using `65537` (or higher). + * That is the default value many libraries use, such as OpenSSL. Developers may choose to reject public keys + * using a low exponent out of security concerns. * * @param digest the digest to verify * @param s is a buffer containing the signature
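Review bot: the new WARNING in this hunk tells developers they may reject low exponents "out of security concerns" but never says what the concern is, so a reader cannot judge whether it applies to their keys or to this verifier. State it in one sentence (which attacks a small exponent such as 3 enables against PKCS#1 v1.5 verification, and whether this library's own padding check closes them), and back the sentence "NIST recommends using `65537` (or higher)" with the document it comes from, e.g. FIPS 186-4 Appendix B.3.1, since as I recall the NIST constraint is a range (e odd, 2^16 < e < 2^256) rather than only a lower bound, and "or higher" on its own overstates it. Minor wording: "That is the default value many libraries use, such as OpenSSL" reads better as "That is the default in many libraries, such as OpenSSL." The rewrap of the existing replay WARNING (moving "or" onto the next line) is cosmetic and fine.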