* on the Thu, Dec 19, 2013 at 07:03:57PM +0100, Werner Koch wrote:

>> Since you are mentioned in this webpage, do you know by any chance
>> whether gpgsm is vulnerable in a similar way?
>
> gpgsm uses Libgcrypt and Libgcrypt employs RSA blinding for a long time
> now. Thus it is not vulnerable. The reason Libgcrypt has RSA blinding
> is that it is used by online protocols like TLS where it is easy to mount
> certain timing attacks in the LAN. With GnuPG these calls of network
> based attacks are not possible and thus we did not use blinding in
> GnuPG-1.

I have a V2 OpenPGP SmartCard. I'm wondering if this would be vulnerable to the attack in question? Also, what about the Crypto Stick? Presumably these generate the same sort of noise during signing/decryption that the CPU would, but there's nothing GnuPG can do in software to mask it?

--
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
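
Added illustration, not part of the original message and not Libgcrypt or GnuPG code: textbook RSA with the blinding step mentioned in the quoted reply, showing that the value fed to the private-key operation is re-randomized on every call instead of being the ciphertext the sender chose. The constructed key (two Mersenne primes), the function names and the absence of padding are assumptions made for this example.

```python
import math
import secrets

# Constructed key for the example: two known Mersenne primes, no padding.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def private_op(x):
    """Secret-exponent operation; its timing and emanations depend on x and D."""
    return pow(x, D, N)


def decrypt_unblinded(c):
    """Returns (plaintext, operand). The operand is exactly the sender's c."""
    return private_op(c), c


def decrypt_blinded(c):
    """Returns (plaintext, operand). The operand is c * r^E mod N for fresh r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:          # r must be invertible mod N
            break
    blinded = (c * pow(r, E, N)) % N     # hide c behind the random factor r^E
    # (c * r^E)^D = c^D * r (mod N), so multiplying by r^-1 recovers c^D.
    m = (private_op(blinded) * pow(r, -1, N)) % N
    return m, blinded


def operands_seen(c, decrypt, rounds=5):
    """Operands reaching private_op when the same c is submitted repeatedly."""
    return [decrypt(c)[1] for _ in range(rounds)]


if __name__ == "__main__":
    message = 123456789                  # constructed sample plaintext
    c = pow(message, E, N)
    print("unblinded:", set(operands_seen(c, decrypt_unblinded)))
    print("blinded:  ", set(operands_seen(c, decrypt_blinded)))
    print("plaintext recovered:", decrypt_blinded(c)[0] == message)
```
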
