Hi, I am a newbie to security and SSL.. but thought this could help.. ( I am not sure if I am answering your question) RSA_blinding_on() takes care of the attack which measures the encryption and decryption time taken by RSA. hope this will be of some help, Manish
>Date: Mon, 15 Jul 2002 16:08:22 -0700 (PDT) >From: Shalendra Chhabra <[EMAIL PROTECTED]> >Subject: an advise >To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] >MIME-Version: 1.0 >X-Sender: Shalendra Chhabra <[EMAIL PROTECTED]> >X-List-Manager: OpenSSL Majordomo [version 1.94.4] >X-List-Name: openssl-users >X-Perlmx-Spam: Gauge=, Probability=0%, Report= >X-Keywords: > >Just a short piece of information will help me in my >student life > >Paul kocher had discovered Timing analysis attack on >Implementations of Public Key Cryptosystems like >Diffie Hellman , RSA etc >and also Paul was one of the designer of SSL 3.0 >specifictations > >I just wanted to ask this: >"when Paul had designed SSL 3.0 Spec, was the attack >taken into account?" >In short please help me reaching the conclusion that > >"Is SSL 3.0/TLS susceptible to Pauls Timing Analysis >Attack"??? > >Please Reply@Earliest >Thanks >Shalendra > >__________________________________________________ >Do You Yahoo!? >Yahoo! Autos - Get free new car price quotes >http://autos.yahoo.com >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] ------------------------------------------------------ Manish Chablani ([EMAIL PROTECTED]), Graduate Student, Computer Science Department, Indiana University ------------------------------------------------------ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]