Approximately ten days ago, I posted about having problems with the RSA Blinding patch
that resulted in seeing an intermittent problem of dropping GIFs from my SSL server
implementation. I continued to see these problems until yesterday when I built with
the 402 Snapshot for 0.9.6

In message [EMAIL PROTECTED] on Thu, 3 Apr 2003 11:26:58 -0600, Bobco, Pete
[EMAIL PROTECTED] said:
Pete.Bobco> In closing, does the OpenSSL Release Group have any idea
Pete.Bobco> as to when OpenSSL 0.9.6j might be officially released?
I don't know, but I'm guessing someone is working on the

Tom Wu via RT [EMAIL PROTECTED]:
Bodo Moeller via RT wrote:
The next round of snapshots (20030402, to appear at
ftp://ftp.openssl.org/snapshot;type=d in about six hours)
should solve the multi-threading problems. Please test them when they
are available.
The good news is that the fix in

(Bodo Moeller) via RT wrote:
Tom Wu via RT [EMAIL PROTECTED]:
In the case where the blinding struct is owned by
a different thread from the one doing an RSA op, the code has to do a
modexp and a mod inverse, as opposed to the two squarings that the
update normally

Tom Wu via RT [EMAIL PROTECTED]:
(Bodo Moeller) via RT wrote:
Tom Wu via RT [EMAIL PROTECTED]:
Is there any established wisdom on the security implications of
refreshing the blinding factor? Assuming that the initial blinding
value had sufficient entropy and was unknown to an attacker,