apple / HomeKitADK

Apache License 2.0

Fix vulnerability in SRP #91

Closed ddealmei closed 3 years ago

ddealmei commented 3 years ago

Calling BN_mod_exp with a small base and no constant-time flag falls back on an insecure implementation with OpenSSL. The resulting leakage can be used by an attacker to recover enough information on the password to perform an offline dictionary attack. A simple fix is to set the appropriate flag before computing the verifier.

This fixes issue #87