Ola Lundqvist <o...@inguza.com> writes:

> Magnus, Niels and I have been discussing the nettle update due to
> https://security-tracker.debian.org/tracker/CVE-2016-6489

Please note that some coordination with gnutls may be needed, to avoid
a denial-of-service problem involving invalid private keys.

> I suggest something like this:
> "Protect against potential timing attacks against exponentiation operations
> as described in CVE-2016-6489 RSA code is vulnerable to cache sharing
> related attacks."

I'd suggest the more general "side-channel attacks" over "timing
attacks".

/Niels

--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.