[Cryptography] RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

Phillip Hallam-Baker hallam at gmail.com
Thu Dec 19 12:41:02 EST 2013


On Thu, Dec 19, 2013 at 6:22 AM, Werner Koch <wk at gnupg.org> wrote:

> On Thu, 19 Dec 2013 01:19, anzalaya at gmail.com said:
>
> > Have you tried this out against openssl? How successful do you think it
> > would be?
>
> OpenSSL seems not to be vulnerable.  The reason is that OpenSSL uses
> Montgomery multiplication which protects against this concrete attack.
> The attack is based on the specific way GnuPG switches between Karatsuba
> and simple multiplication.
>

Ben Laurie said that OpenSSL should be OK provided that the blinding flag
is used.

But OpenSSL has practically no documentation on such things other than the
source. So I would not trust that without looking at the source.

-- 
Website: http://hallambaker.com/