Hi,
> I'd like to stress that this is highly speculative, it may very well be
> that this is not exploitable in any practical way. But I thought it's
> important enough that it should be public knowledge. (Also "This leaves
> a small timing channel, [...] but it is not believed to be large
> enoug
Hi,
As many have probably seen some people (including me) recently published
the so-called ROBOT attack [1], which is the re-birth of the old
Bleichenbacher attack against RSA in TLS.
We mostly focussed on non-timing issues and OpenSSL is not among the
vulnerable implementations. However during v
