fyi: Adi Shamir's microprocessor bug attack
Florian Weimer
fw at deneb.enyo.de
Tue Nov 20 03:41:43 EST 2007
Perhaps I'm missing something, but real-world RSA implementations are
not vulnerable to this because they implement RSA blinding to prevent
timing attacks (which prevents a magic a * b fault from being exploited
deterministically) or verify the signature after creation (which
protects against random faults, a very good idea anyway).
Something can't be "new" and "big" if it's been addressed in GnuPG,
Crypto++ and others years ago. 8-P
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list