On Sun, Jun 21, 2015 at 3:00 PM, Salz, Rich <rs...@akamai.com> wrote:
Your analysis is incorrect for servers over the Internet, where the only > thing that an attacker can measure is time. Power and radiation require > close proximity and, often, physical intervention. Those are reasonable > attacks to have in the threat model, but comes after timing considerations. > Timing attacks, as Rich notes, can be done remotely. Power and radiant energy measurements are infeasible in the case of remote servers, esp. in the case of EC2 instances. The right design goal was adopted in the case of curve25519 - as you would expect of Dan Bernstein.
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
