Enable RSA blinding

Damien Miller djm at mindrot.org
Sun Mar 16 00:59:41 EST 2003

Florian Weimer wrote:
> After browsing "Remote timing attacks are practical" (Boneh & Brumley,
> <http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html>), I
> wonder if it might be a good idea to add calls to RSA_blinding_on()
> before the OpenSSL RSA decryption routines are invoked.

It is on in the snapshots as of tonight (thank Markus).

> The issue is not a LAN-only issue, BTW.  Packet delay variation is
> usually higher in LANs than in WANs.

I'm curious about this - do you have a reference or some evidence?


More information about the openssh-unix-dev mailing list