[148528] in cryptography@c2.net mail archive
Re: [Cryptography] RSA Key Extraction via Low-Bandwidth Acoustic
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Thu Dec 19 13:32:11 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <87vbyl13ww.fsf@vigenere.g10code.de>
Date: Thu, 19 Dec 2013 12:41:02 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Werner Koch <wk@gnupg.org>
Cc: Alexandre Anzala-Yamajako <anzalaya@gmail.com>,
Tamzen Cannoy <tamzen@cannoy.org>, Cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Thu, Dec 19, 2013 at 6:22 AM, Werner Koch <wk@gnupg.org> wrote:
> On Thu, 19 Dec 2013 01:19, anzalaya@gmail.com said:
>
> > Have you tried this out against openssl? How successful do you think it
> > would be?
>
> OpenSSL seems not to be vulnerable. The reason is that OpenSSL uses
> Montgomery multiplication which protects against this concrete attack.
> The attack is based on the specific way GnuPG switches between Karatsuba
> and simple multiplication.
>
Ben Laurie said that OpenSSL should be OK provided that the blinding flag
is used.
But OpenSSL has practically no documentation on such things other than the
source. So I would not trust that without looking at the source.
--
Website: http://hallambaker.com/
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
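
What "blinding" means for the RSA private-key operation discussed in the message above, as an added sketch that is not part of the original message and is not OpenSSL's or GnuPG's code. The toy key, the sample plaintext and all function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def private_op_unblinded(c):
    """Textbook private-key operation: the value fed to the bignum code is exactly c."""
    return pow(c, D, N), c


def private_op_blinded(c):
    """Base blinding: exponentiate c * r^E for a fresh random r, then strip r again."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:          # r must be invertible mod N
            break
    blinded = (c * pow(r, E, N)) % N     # operand the multiplication routines actually see
    m_blinded = pow(blinded, D, N)       # equals m * r mod N
    m = (m_blinded * pow(r, -1, N)) % N  # unblind to recover m
    return m, blinded


def demo():
    message = 0x48656C6C6F               # constructed sample plaintext
    c = pow(message, E, N)
    plain_m, plain_input = private_op_unblinded(c)
    blinded_inputs = set()
    for _ in range(5):
        m, seen = private_op_blinded(c)
        assert m == message              # blinding never changes the result
        blinded_inputs.add(seen)
    # (result correct, unblinded operand is the caller's c, distinct blinded operands)
    return plain_m == message, plain_input == c, len(blinded_inputs)


if __name__ == "__main__":
    print(demo())
```

Without blinding, whoever supplies the ciphertext also chooses the operand the multiplication code works on; with blinding, that operand differs on every call even for the same ciphertext. Whether a given library build enables it still has to be checked in its source, as the message says.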