[crazy][spam][crazy][spam] [thread for further deliberations regarding akash certs]

Undescribed Horrific Abuse, One Victim & Survivor of Many gmkarl at gmail.com
Sun Jul 30 04:36:07 PDT 2023


it is nice that i am old enough that somebody is saying this clearly
and overtly:

https://github.com/tlsfuzzer/python-ecdsa#security

**This library does not protect against side-channel attacks.**

Do not allow attackers to measure how long it takes you to generate a key pair
or sign a message. Do not allow attackers to run code on the same physical
machine when key pair generation or signing is taking place (this includes
virtual machines). Do not allow attackers to measure how much power your
computer uses while generating the key pair or signing a message. Do not allow
attackers to measure RF interference coming from your computer while generating
a key pair or signing a message. Note: just loading the private key will cause
key pair generation. Other operations or attack vectors may also be
vulnerable to attacks. **For a sophisticated attacker observing just one
operation with a private key will be sufficient to completely
reconstruct the private key**.

