Brumley & Boneh timing attack on OpenSSL
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Mar 17 08:09:44 EST 2003
Bill Stewart <bill.stewart at pobox.com> writes:
>Shmoo Group response on cryptonomicon.net
>http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=263&mode=&order=0&thold=0
>Apparently OpenSSL has code to prevent the timing attack,
>but it's often not compiled in (I'm not sure how much that's for
>performance reasons as opposed to general ignorance?)
I had blinding code included in my crypto code for about 3 years;
when not a single person used it in all that time, I removed it
again (actually I think it's probably still there, but disconnected).
I'm leaning strongly towards "general ignorance" here...
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List