> > > > Maybe openssl-bugs is the right forum? This really isn't a bug, but a > > performance improvement. > > > > Seems like a worthwhile patch. > > Are you in the US BTW? If so have you CC'ed the patch to the relevant > export authorities? >
I'm in the US, but just a simple researcher :) I don't pretend to know anything about our crazy laws on crypto. If you have the time, I'm wondering why OpenSSL implements RSA blinding, but doesn't use it? Do you happen to know if other distributions don't implement it as well (I know cryptlib doesn't)? The reason I ask is I'm researching timing attacks against RSA (which is why I was looking through this portion of the code). Thanks for the great work! -david ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
