Eliptic Curve Cryptography in OpenSSL might not be so Cryptographic
7 views
Skip to first unread message
Zac Slade
May 31, 2011, 3:12:23 PM5/31/11
to nwa...@googlegroups.com
It seems there are timing based attacks against the Elliptic Curve
digital signatures in OpenSSL that are quite severe. When using the
ECDSA keys for Elliptic Curve Cryptography in OpenSSL an attacker can
guess the server's private key with great accuracy.
digital signatures in OpenSSL that are quite severe. When using the
ECDSA keys for Elliptic Curve Cryptography in OpenSSL an attacker can
guess the server's private key with great accuracy.
The H has the details:
http://www.h-online.com/security/news/item/Successful-timing-attacks-on-elliptic-curve-cryptography-1247772.html
--
Zac Slade
krak...@gmail.com
Boyd Stephen Smith Jr.
Jun 1, 2011, 7:30:54 PM6/1/11
to nwa...@googlegroups.com
On 2011-05-31 14:12:23 Zac Slade wrote:
>It seems there are timing based attacks against the Elliptic Curve
>digital signatures in OpenSSL that are quite severe. When using the
>ECDSA keys for Elliptic Curve Cryptography in OpenSSL an attacker can
>guess the server's private key with great accuracy.
>It seems there are timing based attacks against the Elliptic Curve
>digital signatures in OpenSSL that are quite severe. When using the
>ECDSA keys for Elliptic Curve Cryptography in OpenSSL an attacker can
>guess the server's private key with great accuracy.
http://en.wikipedia.org/wiki/Side-channel_attack
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
Joey Kavanaugh
Jun 2, 2011, 11:48:04 AM6/2/11
to nwa...@googlegroups.com
Great link Stephen !
Reply all
Reply to author
Forward
0 new messages