On Thu, 19 Dec 2013 17:54, o...@mat.ucm.es said: > Since you are mentioned in this webpage, do you know by any chance > whether gpgsm is vulnerable in a similar way?
gpgsm uses Libgcrypt and Libgcrypt employs RSA blinding for a long time now. Thus it is not vulnerable. The reason Libgcrypt has RSA blinding is that it is used by online protocols like TLS were it is easy to mount certain timing attacks in the LAN. With GnuPG these calls of network based attacks are not possible and thus we did not used blinding in GnuPG-1. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
