On Friday, July 26, 2019 at 12:56:48 AM UTC-4, Jeffrey Walton wrote:
> Hi Everyone,
>
> We received a private email concerning an ECDSA timing attack by Ján Jančár.
>
> We are tracking the report at https://github.com/weidai11/cryptopp/issues/869 .
A partial patch is available. The patch was created against the Crypto++ 8.2 release. The patch fixes (1) the leak in the ECDSA nonce length and (2) the leak in prime fields (ECP class). The fix is incomplete because it is missing the fix for (3), the leak in binary fields (EC2N class). The fix for (3) should be ready in a couple of weeks.

Also see https://github.com/weidai11/cryptopp/issues/869 .

Jeff