Ondrej Mikle <ondrej.mi...@nic.cz> writes:

>I've just found an article about the OAEP padding oracle (that I couldn't
>recall before):

There's another one that was published about a year ago that looks at things like side-channel attacks via the integer-to-octet-string conversion primitives and other really low-bandwidth channels, I think it was "Manger's Attack Revisited". At the time I was thinking of doing a writeup on generalised defences (via randomisation) against this sort of thing because as Revisited points out, you're always going to get timing channels somewhere if you look hard enough and a generalised defence would be better than the penetrate-and-patch approach to stopping timing channels.

Peter.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography