Hey Jeff, Good to hear from you -- it's been a while :)
What does the attacker learn besides the key length? Isn't that mostly public information, like the TLS options used during cipher suite negotiation?
I reckon you're aware, but just to make it explicit for the list lurkers: key length and effective key length are not the same thing.If I asked you to post the top byte of your BitCoin private key to this list, would you? (Maybe you would, right? There's not much entropy in one byte to begin with. But OTOH private key bits are private ...)
(Re: Peter's post, indeed I don't see much actual value in the leak. But I do believe in transparency, hence the PoC and oss-security post.)
Best, BBB -- Dr. Billy B. Brumley, D.Sc. (Tech.) Director of Research, ESL Global Cybersecurity Institute (GCI) Kevin O'Sullivan Endowed Professor, Department of Cybersecurity (CSEC) Director, Platform Security Laboratory (PLATSEC) Rochester Institute of Technology Cybersecurity Hall 70-1770 100 Lomb Memorial Drive Rochester, NY, 14623-5608, USA S/MIME public key: https://people.rit.edu/bbbics/[email protected] S/MIME public key: https://people.rit.edu/bbbics/[email protected] https://www.rit.edu/directory/bbbics-billy-brumley https://www.rit.edu/cybersecurity/
smime.p7s
Description: S/MIME Cryptographic Signature
