fyi: Adi Shamir's microprocessor bug attack

Florian Weimer fw at
Tue Nov 20 03:41:43 EST 2007

Perhaps I'm missing something, but real-world RSA implementations are
not vulnerable to this because they implement RSA blinding to prevent
timing attacks (which prevents a magic a * b fault from being exploited
deterministically) or verify the signature after creation (which
protects against random faults, a very good idea anyway).

Something can't be "new" and "big" if it's been addressed in GnuPG,
Crypto++ and others years ago. 8-P
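The two defences Weimer points to, as an added example that is not part of the original post: a textbook RSA signer routed through a hypothetical faulty multiplier, where the toy key, the fault trigger `FAULT_M` and all function names are constructed for illustration only.

```python
# Added example (not from the original post): textbook RSA routed through a
# simulated faulty multiplier, to show the two defences Weimer mentions.
# Blinding takes control of the operands away from the message chooser, and
# verify-after-sign stops a faulty signature from ever leaving the signer.
import secrets

# Constructed toy key: small primes for readability, far too small for real use.
P, Q, E = 1000003, 1000033, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

# Hypothetical fault: squaring this one operand value yields a wrong product.
# It stands in for a hidden multiplier bug triggered by a specific input.
FAULT_M = 424242


def faulty_mul(a, b):
    """Multiply correctly except for the one 'magic' operand pair."""
    if a == FAULT_M and b == FAULT_M:
        return (a * b) ^ 1          # low bit flipped: a wrong product
    return a * b


def modpow(base, exp, mod, mul):
    """Right-to-left square-and-multiply using the supplied multiplier."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = mul(result, base) % mod
        base = mul(base, base) % mod   # first squaring is mul(m, m)
        exp >>= 1
    return result


def sign(m, blind=False, check=False, mul=faulty_mul):
    """RSA signature of m; only the private exponentiation uses `mul`."""
    r = secrets.randbelow(N - 2) + 2 if blind else 1
    m_in = (m * pow(r, E, N)) % N       # blinding hides m from the multiplier
    s = modpow(m_in, D, N, mul)
    s = (s * pow(r, -1, N)) % N         # unblind (no-op when r == 1)
    if check and pow(s, E, N) != m:     # verify-after-sign with the public key
        raise ValueError("signature failed self-check; not released")
    return s


def verifies(s, m):
    """Public-key check of a signature."""
    return pow(s, E, N) == m
```

Without blinding, signing `FAULT_M` hits the bad squaring every time and yields a wrong signature; with blinding the multiplier sees a random value instead, and with the self-check the faulty result is never released.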

The Cryptography Mailing List