[45286] in Cypherpunks
Timing RSA and Certificates worth ??
daemon@ATHENA.MIT.EDU (lyal collins)
Tue Dec 12 21:15:10 1995
Date: Wed, 13 Dec 95 12:50:18 +1100 (EST)
To: cypherpunks@toad.com
From: lyalc@mail.mpx.com.au (lyal collins)
oops
Earlier, I said :
>
>My limited mind induces me to think that a certificate become subject to
timing attacks on the RSA private signing key.
>In this case, certificate verification processes seem flawed and highly
unreliable.
I meant that on-line certificate issuing, notary and similar services where
data is submitted to a system for processing/RSA encryption are subject to
this for of attack.
Parts of the SEPP/STT protocols appear to require this of merchants and
customers.
I retract my comments about ecash/echeques - I'm not sure of the
implications there yet.
As for SEPP/STT - another nail in the coffin, me thinks.
lyal
