Thanks for the reply, Rich. >> 2. When will RT2574 be integrated to protect our ECC keys in the inevitable >> presence of software defects like this? >> http://rt.openssl.org/Ticket/Display.html?id=2574&user=guest&pass=guest > > Timing attacks on ECC isn't a very high priority right now, given all the > other bigger easier to exploit issues with wider deployment :(
The way I see it, the main purpose of that patch is to prevent bug attacks, not timing attacks. Hence the relation to the arithmetic bug. BBB ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org