Hi all,

Is there any plan for implementing countermeasures against the newly
discovered vulnerability in ECDSA operations of OpenSSL?

For those not aware of it, here is the US-CERT link of this
vulnerability: http://www.kb.cert.org/vuls/id/536044

Here is also the original paper that contains the vulnerability details:
http://eprint.iacr.org/2011/232.pdf

The patch suggested by the paper seems simple enough. It can be enhanced
by adding a random multiple of the order to the scalar k. Is there any
objection to getting this merged into OpenSSL source?

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]