[12804] in cryptography@c2.net mail archive


Re: Brumley & Boneh timing attack on OpenSSL

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Mon Mar 24 10:18:50 2003

X-Original-To: cryptography@wasabisystems.com
Date: Tue, 18 Mar 2003 01:09:44 +1200
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: bill.stewart@pobox.com, cryptography@wasabisystems.com
Cc: cypherpunks@lne.com

Bill Stewart <bill.stewart@pobox.com> writes:

>Schmoo Group response on cryptonomicon.net
>http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=263&mode=&order=0&thold=0
>Apparently OpenSSL has code to prevent the timing attack,
>but it's often not compiled in (I'm not sure how much that's for
>performance reasons as opposed to general ignorance?)

I had blinding code included in my crypto code for about 3 years; when
not a single person used it in all that time, I removed it again
(actually I think it's probably still there, but disconnected).
I'm leaning strongly towards "general ignorance" here...

Peter.
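The "blinding code" discussed above is the standard countermeasure to the Brumley & Boneh timing attack: before the private-key exponentiation, the ciphertext is multiplied by r^e for a fresh random r, and the result is multiplied by r^-1 afterwards. Because (c * r^e)^d = m * r (mod n), the answer is unchanged, but the value that actually goes through the modular exponentiation is unpredictable to whoever chose c, so the operation's running time no longer leaks anything about c. The following is an added illustration written for this archive page; it is not Peter Gutmann's code, not OpenSSL's, and uses a constructed toy key (the primes, exponent and message are assumptions chosen to be far too small for real use).

```python
# Added example: RSA blinding as a timing-attack countermeasure.
# Not code from the original message or from OpenSSL; the key below is a
# constructed toy key for illustration only (about 40 bits, never use such a key).
import secrets
from math import gcd

# Constructed toy RSA parameters.  Both factors are prime; e is coprime to phi(n).
P = 1000003
Q = 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # private exponent (pow with -1 needs Python 3.8+)


def rsa_private_unblinded(c, d=D, n=N):
    """Plain private-key operation: the exponentiation runs directly on the
    attacker-supplied ciphertext, which is what a timing attack measures."""
    return pow(c, d, n)


def rsa_private_blinded(c, d=D, e=E, n=N):
    """Blinded private-key operation.

    1. Pick a random r coprime to n.
    2. Exponentiate (c * r^e) mod n instead of c itself.
    3. Strip the blinding factor: multiply by r^-1 mod n.

    Correctness: (c * r^e)^d = c^d * r^(ed) = m * r (mod n), and m * r * r^-1 = m.
    Since r is unknown to the party that chose c, the value whose exponentiation
    time could be measured is uncorrelated with c.
    """
    while True:
        r = secrets.randbelow(n - 2) + 2      # r in [2, n-1]
        if gcd(r, n) == 1:                    # r must be invertible mod n
            break
    r_inv = pow(r, -1, n)
    blinded_c = (c * pow(r, e, n)) % n        # attacker-chosen input is now randomised
    blinded_m = pow(blinded_c, d, n)          # the only secret-dependent step
    return (blinded_m * r_inv) % n            # remove the blinding factor


def rsa_public(m, e=E, n=N):
    """Public-key operation (encrypt / verify), used here to build test inputs."""
    return pow(m, e, n)


def blinding_preserves_result(m, trials=5):
    """Check that blinded and unblinded decryption agree for several random r."""
    c = rsa_public(m)
    return all(rsa_private_blinded(c) == rsa_private_unblinded(c) == m
               for _ in range(trials))


if __name__ == "__main__":
    msg = 123456789                           # constructed sample message, < n
    print("blinded decryption matches:", blinding_preserves_result(msg))
```

The blinding costs one extra modular exponentiation with the public exponent plus an inversion per private-key operation, which is small next to the private exponentiation itself; OpenSSL makes the same trade when its blinding is enabled, and this example exists only to make the mathematics of that trade visible.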

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
