On Firewalls, "Jonathan M. Bresler" <jmb@FreeBSD.ORG> said: JMB> regarding kocher's timing attack paper: JMB> RSA attack. only known ciphertext is needed. dont know how many JMB> known ciphertexts are required (related to key size surely). the JMB> paper's example is digital signature, rephrase that to Alice signs JMB> Bob's public key certifying that (you know the story). After JMB> several large key signing parties hundreds of known ciphertexts JMB> could have been generated using Alice's key--each one a public key JMB> of someone else. over several years it piles up. the known JMB> ciphertexts can be tested/analyzed to yield Alice's secret key. JMB> ouch. ;/ Are you sure about this? It would seem that the same principle would then apply to signed messages as well, and I find it a bit hard to believe that signing messages would make ones key pair vulnerable. -- #include <disclaimer.h> /* Sten Drescher */ To get my PGP public key, send me email with your public key and Subject: PGP key exchange Key fingerprint = 90 5F 1D FD A6 7C 84 5E A9 D3 90 16 B2 44 C4 F3