On Fri, Sep 23, 2011 at 2:02 PM, Douglas Stebila doug...@stebila.ca wrote:
Perhaps someone will take a look at this forlorn bug and patch?
https://bugzilla.mozilla.org/show_bug.cgi?id=660394
Yes, I can take a look at the patch.
Wan-Teh
--
dev-tech-crypto mailing list
You may remember a few months ago that a timing attack against the elliptic
curve cryptography implementation in OpenSSL was announced:
http://eprint.iacr.org/2011/232
http://it.slashdot.org/story/11/05/27/1956231/openssl-timing-attack-can-intercept-private-keys
The same attack
Douglas Stebila wrote:
The same attack applies to NSS. A while back I submitted a bug and
patch for NSS, but it has been languishing in Bugzilla without any
attention. While the use of ECC in deployed TLS environments is quite
low, it's still probably a good idea to get the code patched.
3 matches
Mail list logo