Brumley & Boneh timing attack on OpenSSL

Peter Gutmann pgut001 at
Mon Mar 17 05:09:44 PST 2003

Bill Stewart <bill.stewart at> writes:

>Schmoo Group response on
>Apparently OpenSSL has code to prevent the timing attack,
>but it's often not compiled in (I'm not sure how much that's for
>performance reasons as opposed to general ignorance?)

I had blinding code included in my crypto code for about 3 years;
when not a single person used it in all that time, I removed it
again (actually I think it's probably still there, but disconnected).
I'm leaning strongly towards "general ignorance" here...


The Cryptography Mailing List