You are here: Appendix > RSA Blinding mode

Concepts

About RSA Blinding mode

Blinding is a technique that introduces random elements into the signature process to prevent timing attacks on the RSA private key. Use of this technique may be required by certain security policies, but it does reduce performance.

The HSM Admin or Security Officer can turn this feature on or off.

If RSA blinding is enabled in Capabilities and allowed in Policies, the partition will always run in RSA blinding  mode; performance will be lower than SafeNet published performance figures. This is because the deliberate introduction of random elements causes the average signature to take longer to complete.

 For maximum performance, you can switch RSA blinding mode off, at the cost of slight additional risk of so-called timing attacks on your keys. It is your decision whether your network and other security measures are sufficiently rigorous that blinding is not needed.

Luna HSMs are normally shipped with the Capability set to allow switching blinding on or off, and with the Policy set to not use blinding, by default.