Brumley & Boneh timing attack on OpenSSL
Nomen Nescio
nobody at dizum.com
Mon Mar 24 13:20:02 EST 2003
Regarding using blinding to defend against timing attacks, and supposing
that a crypto library is going to have support for blinding:
- Should it do blinding for RSA signatures as well as RSA decryption?
- How about for ElGamal decryption?
- Non-ephemeral (static) DH key exchange?
- Ephemeral DH key exchange?
- How about for DSS signatures?
In other words, what do we need as far as blinding support either in
developing a crypto library or in evaluating a crypto library for use?
Suppose we are running a non-SSL protocol but it is across a real-time
Internet or LAN connection where timing attacks are possible. And suppose
our goal is not to see a paper and exploit published within the next
three years telling how to break the protocol's security with a few
hours of connect time.
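As an added example, not part of the original post or of any library it mentions, here is the RSA blinding countermeasure the question refers to, written over the private-key operation that RSA decryption and raw RSA signing share. The key is a constructed toy (two Mersenne primes) and the messages are unpadded, so only the blinding arithmetic is realistic.

```python
import secrets

# Constructed toy RSA key: p = 2^31-1 and q = 2^19-1 are both prime.
# A real key uses 1024-bit primes; the blinding arithmetic is identical.
P, Q = 2**31 - 1, 2**19 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)  # private exponent, e*d = 1 mod phi(N)


def private_op_unblinded(x: int) -> int:
    """x^d mod N with no countermeasure: the work done depends on the
    attacker-chosen x, which is what a remote timing attack measures."""
    return pow(x, D, N)


def private_op_blinded(x: int) -> int:
    """x^d mod N computed on r^e * x for a fresh random r each call.
    The exponentiation then runs on a value the attacker neither chose
    nor knows, so its timing reveals nothing usable about d."""
    while True:
        r = secrets.randbelow(N - 2) + 2   # candidate blinding factor
        try:
            r_inv = pow(r, -1, N)           # ValueError if gcd(r, N) != 1
            break
        except ValueError:
            continue                        # astronomically rare; retry
    blinded = (x * pow(r, E, N)) % N        # mask the input
    y = pow(blinded, D, N)                  # = r * x^d mod N, since r^(ed) = r
    return (y * r_inv) % N                  # strip r: result is x^d mod N


def rsa_encrypt(m: int) -> int:
    return pow(m, E, N)


def rsa_decrypt(c: int) -> int:
    return private_op_blinded(c)


def rsa_sign(m: int) -> int:
    # Signing is the same private-key operation, so it gets the same blinding.
    return private_op_blinded(m)


def rsa_verify(m: int, s: int) -> bool:
    return pow(s, E, N) == m
```

The blinded and unblinded operations return identical values; only the dependence of running time on the attacker's input differs.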
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com