Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oODY0LW04dm0tM3h2as4AAuFr
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken
Ward Beullens found a practical key-recovery attack against Rainbow.
The level I parametersets are removed from liboqs starting from version 0.7.2.
Find the scientific details in Breaking Rainbow Takes a Weekend on a Laptop.
This means all the oqs::sig::Algorithm::RainbowI* variants are insecure.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oODY0LW04dm0tM3h2as4AAuFr
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
Identifiers: GHSA-h864-m8vm-3xvj
References:
- https://github.com/open-quantum-safe/liboqs-rust
- https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/KFgw5_qCXiI?pli=1
- https://rustsec.org/advisories/RUSTSEC-2022-0047.html
- https://github.com/advisories/GHSA-h864-m8vm-3xvj
Blast Radius: 0.0
Affected Packages
cargo:oqs
Dependent packages: 2Dependent repositories: 3
Downloads: 35,955 total
Affected Version Ranges: < 0.7.2
Fixed in: 0.7.2
All affected versions: 0.1.0, 0.2.0, 0.3.0, 0.5.0, 0.6.0, 0.7.0, 0.7.1
All unaffected versions: 0.7.2, 0.8.0, 0.9.0