Perry E. Metzger wrote:
> Michael Sierchio <[EMAIL PROTECTED]> writes:
>
>> Timing analysis is of such little practical value that no one, to
>> my knowledge, is willing to obscure the average key agreement (DH)
>> or decryption (RSA) operation by adding random delays or by making
>> all pubkey operations conform to the upper bound, worst case time.
>
> That sounds like a "oh, no one would EVER mount THAT attack"
> fallacy. They have a tendency to bite you in the buttocks.

I didn't mean to claim that no one would ever mount such an attack --
just that there are enormous practical difficulties to getting any
timing results via SSL session key creation.

> I'm aware of a number of packages that use PKC that obscure timing
> because the authors believed the threat to be quite real.

Name them. OpenSSL doesn't.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]