Timing attacks are primarily an implementation issue, rather than a protocol issue. The SSL 3.0 spec doesn't try to describe all the things that implementations need to do in order to be secure, as this would have been far too complex and implementation-specific to include.
Having said this, I did help Netscape make sure that their implementation was resistant to timing attacks (among others). Cheers, Paul At 04:08 PM 7/15/2002 -0700, Shalendra Chhabra wrote: >Just a short piece of information will help me in my >student life > >Paul kocher had discovered Timing analysis attack on >Implementations of Public Key Cryptosystems like >Diffie Hellman , RSA etc >and also Paul was one of the designer of SSL 3.0 >specifictations > >I just wanted to ask this: >"when Paul had designed SSL 3.0 Spec, was the attack >taken into account?" >In short please help me reaching the conclusion that > >"Is SSL 3.0/TLS susceptible to Pauls Timing Analysis >Attack"??? > >Please Reply@Earliest >Thanks >Shalendra > >__________________________________________________ >Do You Yahoo!? >Yahoo! Autos - Get free new car price quotes >http://autos.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
