Re: Timing Attacks against OpenSSL

2003-03-18 Thread Remo Inverardi
While OpenSSL definitely does provide for blinding, several widely-deployed applications don't seem to enable this option. One reason is it doesn't appear possible to enable blinding from the SSL library itself. After reading the paper, and looking at the OpenSSL RSA blinding code, I feel

RE: Timing Attacks against OpenSSL

2003-03-18 Thread Masanori Satake
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Remo Inverardi Sent: Tuesday, March 18, 2003 8:17 PM To: [EMAIL PROTECTED] Subject: Re: Timing Attacks against OpenSSL While OpenSSL definitely does provide for blinding, several

[openssl.org #540] Changes in config

2003-03-18 Thread [EMAIL PROTECTED] via RT
OpenSSL version 0.9.7a AIX version 4.3.3 ML10 AIX does NOT respond command not found when a command can't be found. It responds with ksh: cc: not found.. Change line 461 in config (cc) 21 | grep -iv not found /dev/null CC=cc Hälsningar / Regards Kent Thureson CAE System Supervisor *Lear

[openssl.org #539] bug in openssl 0.9.7 (all OSes), in EVP_??cryptInit

2003-03-18 Thread [EMAIL PROTECTED] via RT
Openssl bugs administrator, I believe I found a bug in EVP_DecryptInit and EVP_EncryptInit. The documentation at: http://www.openssl.org/docs/crypto/EVP_EncryptInit.html says that those two functions and EVP_CipherInit do not need the EVP_CIPHER_CTX to be initialized, but that is not true. Only

[openssl.org #539] bug in openssl 0.9.7 (all OSes), in EVP_??cryptInit

2003-03-18 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Tue Mar 18 19:22:49 2003]: Openssl bugs administrator, I believe I found a bug in EVP_DecryptInit and EVP_EncryptInit. The documentation at: http://www.openssl.org/docs/crypto/EVP_EncryptInit.html says that those two functions and EVP_CipherInit do not need the

Re: [ADVISORY] Timing Attack on OpenSSL

2003-03-18 Thread Corinna Vinschen
Hi, is it recommended to apply the below patch to 0.9.6i as well? We're still releasing both versions, 0.9.6i and 0.9.7a in the Cygwin net distro. Corinna On Mon, Mar 17, 2003 at 08:47:01AM +, Ben Laurie wrote: I expect a release to follow shortly. --

Re: [ADVISORY] Timing Attack on OpenSSL

2003-03-18 Thread Ben Laurie
Corinna Vinschen wrote: Hi, is it recommended to apply the below patch to 0.9.6i as well? We're still releasing both versions, 0.9.6i and 0.9.7a in the Cygwin net distro. Yes. Corinna On Mon, Mar 17, 2003 at 08:47:01AM +, Ben Laurie wrote: I expect a release to follow shortly. --

Re: [openssl.org #475] [Fwd: patch to 0.9.7 -performacne]

2003-03-18 Thread David Brumley via RT
FYI - This patch doesn't appear in the source for 0.9.7a that I just downloaded. My guess is the patch would offset the cost somewhat of blinding...Recalculating Ri is expensive :) -david On Tue, 2003-02-04 at 13:57, Geoff Thorpe via RT wrote: [EMAIL PROTECTED] - Tue Feb 4 18:36:33

Re: Thread Question

2003-03-18 Thread David Schwartz
On Mon, 17 Mar 2003 11:26:46 -0700, Verdon Walker wrote: I know from looking in the archives that this question has been asked before, but I am wondering if anything has been done in the 0.9.7 branch to address it. We have an application that uses separate threads for its readers and writers.

[openssl.org #541] Problem with the blinding patch

2003-03-18 Thread Terry Kennedy via RT
I downloaded and configured/built/tested 0.9.7a on BSD/OS 4.3.1 with no problems, using the following commands: ./config shared --prefix=/usr/contrib --openssldir=/usr/contrib/lib/openssl threads make make test The tests completed with no errors. I then applied the blinding patch from