On Thu, 5 Aug 2004 13:28:42 +0200, "Ziermann, André (Secude)" <[EMAIL PROTECTED]> wrote:
> Hello anybody,
>
> When reading about the patch against the Klíma-Pokorný-Rosa attack, I have got
> the impression that the patch OpenSSL provides,
> by hiding the bad PKCS#1 version and bad SSL version oracles, thwarts both the
> Klíma-Pokorný-Rosa attack and the original Bleichenbacher attack they
> extended. Therefore it seems to me that RSA blinding becomes obsolete. Is
> there any other kind of attack against OpenSSL that RSA blinding was intended to
> thwart?

You might want to look at this paper:

"Remote Timing Attacks are Practical"
Dan Boneh and David Brumley
http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html

-David Molnar