crypto/rsa: deprecate GenerateMultiPrimeKey and PrecomputedValues.CRTValues #56921
Comments
|
Change https://go.dev/cl/453256 mentions this issue: |
|
Change https://go.dev/cl/453257 mentions this issue: |
These should be marked deprecated, but that needs a (likely quick) proposal review. The proposal is #56921. Change-Id: I013a913a7f5196a341e2dd5f49c2687c26ee8331 Reviewed-on: https://go-review.googlesource.com/c/go/+/453257 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Russ Cox <rsc@golang.org>
ianlancetaylor
added
the
Proposal-Crypto
|
This proposal has been added to the active column of the proposals project |
|
Does anyone object to marking these deprecated? |
|
No objection, happy to see them go. |
|
Based on the discussion above, this proposal seems like a likely accept. |
|
No change in consensus, so accepted. 🎉 |
rsc
changed the title
|
Change https://go.dev/cl/459976 mentions this issue: |
Multi-prime RSA keys (those that are products of three or more large primes) are discouraged in general and rarely used.
As of Go 1.20, the PrecomputedValues.CRTValues supporting multiprime keys will still be computed and filled in, but to reduce the attack surface of crypto/rsa, those values will no longer be used by decryption.
PrecomputedValues.CRTValues and GenerateMultiPrimeKey were marked deprecated during the Go 1.20 cycle, but without a proposal review. I'm rolling back the deprecation marks in an upcoming CL (gopherbot will report it) and am filing this issue to discuss adding the deprecation marks.
I don't anticipate any controversy about deprecating these, the proposal process should confirm that.
The text was updated successfully, but these errors were encountered: