Jeffrey Walton <[email protected]> writes:

>What does the attacker learn besides the key length? Isn't that mostly
>public information, like the TLS options used during cipher suite
>negotiation?

It's a proof-of-concept from a very entertaining talk at the OpenSSL conference, "Constant-Time BIGNUM Is Bollocks". The BoringSSL folks had claimed there were no timing side-channels in their code, this demonstrates a timing side-channel. Admittedly not a terribly useful one :-).

Peter.
