[12827] in cryptography@c2.net mail archive
Re: Brumley & Boneh timing attack on OpenSSL
daemon@ATHENA.MIT.EDU (Nomen Nescio)
Mon Mar 24 18:29:06 2003
X-Original-To: cryptography@wasabisystems.com
From: Nomen Nescio <nobody@dizum.com>
To: cryptography@wasabisystems.com
Date: Mon, 24 Mar 2003 19:20:02 +0100 (CET)
Regarding using blinding to defend against timing attacks, and supposing
that a crypto library is going to have support for blinding:
 - Should it do blinding for RSA signatures as well as RSA decryption?
 - How about for ElGamal decryption?
 - Non-ephemeral (static) DH key exchange?
 - Ephemeral DH key exchange?
 - How about for DSS signatures?
In other words, what do we need as far as blinding support either in
developing a crypto library or in evaluating a crypto library for use?
Suppose we are running a non-SSL protocol but it is across a real-time
Internet or LAN connection where timing attacks are possible.  And suppose
our goal is not to see a paper and exploit published within the next
three years telling how to break the protocol's security with a few
hours of connect time.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
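The blinding the post asks about, worked through for the RSA case (decryption and signing share one private-key exponentiation, so both get the same treatment), as an added example that is not part of the original message and is not OpenSSL's code. The toy key is constructed from two small Mersenne primes purely so the block runs instantly; every function name here is the example's own. The block does not cover the ElGamal, DH or DSS cases the post raises.

```python
"""RSA blinding against remote timing attacks.

Added example (not code from the original post or from OpenSSL). The key is a
constructed toy key built from two known Mersenne primes; real keys must be
generated properly and be far larger.
"""
import secrets
from dataclasses import dataclass
from math import gcd
from typing import Tuple


@dataclass(frozen=True)
class RsaKey:
    n: int
    e: int
    d: int
    p: int
    q: int
    dp: int    # d mod (p-1)
    dq: int    # d mod (q-1)
    qinv: int  # q^-1 mod p


def make_toy_key() -> RsaKey:
    # Constructed toy key: p = 2^61-1 and q = 2^89-1 are known primes, chosen so
    # the example runs instantly. Never use fixed or small primes in real code.
    p = (1 << 61) - 1
    q = (1 << 89) - 1
    e = 65537
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return RsaKey(p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p))


def private_op_unblinded(key: RsaKey, x: int) -> int:
    """x^d mod n via CRT, the shape of the code Brumley and Boneh timed.

    The work done (reductions, which multiplication routine runs) depends on
    x mod q, so an attacker who chooses x and measures the time learns about q.
    """
    m1 = pow(x % key.p, key.dp, key.p)
    m2 = pow(x % key.q, key.dq, key.q)
    h = (key.qinv * (m1 - m2)) % key.p
    return m2 + h * key.q


def blinding_pair(key: RsaKey) -> Tuple[int, int]:
    """Return (r^e mod n, r^-1 mod n) for a fresh random r coprime to n."""
    while True:
        r = secrets.randbelow(key.n - 2) + 2
        if gcd(r, key.n) == 1:
            return pow(r, key.e, key.n), pow(r, -1, key.n)


def private_op_blinded(key: RsaKey, x: int) -> int:
    """x^d mod n with a fresh blinding factor per call.

    (x * r^e)^d = x^d * r^(e*d) = x^d * r (mod n), so multiplying the result by
    r^-1 recovers x^d. The CRT code only ever sees x * r^e, a value the attacker
    neither chose nor knows, so its running time is not a function of x.
    """
    r_e, r_inv = blinding_pair(key)
    y = private_op_unblinded(key, (x * r_e) % key.n)
    return (y * r_inv) % key.n


def decrypt(key: RsaKey, c: int) -> int:
    return private_op_blinded(key, c)


def sign(key: RsaKey, digest: int) -> int:
    # Signing is the same private exponentiation as decryption, on an input the
    # other party chooses, so it needs the same blinding.
    return private_op_blinded(key, digest)


def verify(key: RsaKey, digest: int, sig: int) -> bool:
    return pow(sig, key.e, key.n) == digest % key.n


def blinded_inputs_differ(key: RsaKey, x: int) -> bool:
    """Two blinded calls on the same x hand the CRT code different values."""
    a = (x * blinding_pair(key)[0]) % key.n
    b = (x * blinding_pair(key)[0]) % key.n
    return a != b


if __name__ == "__main__":
    k = make_toy_key()
    m = 0x123456789ABCDEF0
    c = pow(m, k.e, k.n)
    assert decrypt(k, c) == m == private_op_unblinded(k, c)
    assert verify(k, m, sign(k, m))
    assert blinded_inputs_differ(k, c)
    print("blinded and unblinded results agree; signature verifies")
```

The point the block makes is that blinding changes nothing about the answer and everything about what the timed code sees: the attacker's chosen ciphertext or digest never reaches the CRT exponentiation. Refreshing r matters: with a fixed r the blinded input is again a deterministic function of x and the measurement becomes useful once more, which is why a library either draws a new r per call (as here) or updates the pair cheaply, for example by squaring r^e and r^-1 together.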