Re: Brumley & Boneh timing attack on OpenSSL
Bill Stewart <bill.stewart@pobox.com> writes:
Schmoo Group response on cryptonomicon.net http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=263&mode=&order=0&thold=0 Apparently OpenSSL has code to prevent the timing attack, but it's often not compiled in (I'm not sure how much that's for performance reasons as opposed to general ignorance?)
I had blinding code included in my crypto code for about 3 years, when not a single person used it in all that time I removed it again (actually I think it's probably still there, but disconnected). I'm leaning strongly towards "general ignorance" here... Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
participants (1)
-
pgut001@cs.auckland.ac.nz