Enable RSA blinding
Ben Lindstrom
mouring at etoh.eviladmin.org
Sun Mar 16 03:24:43 EST 2003
On Sun, 16 Mar 2003, Damien Miller wrote:
> Florian Weimer wrote:
> > After browsing "Remote timing attacks are practical" (Boneh & Brumley,
> > <http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html>), I
> > wonder if it might be a good idea to add calls to RSA_blinding_on()
> > before the OpenSSL RSA decryption routines are invoked.
>
> It is on in the snapshots as of tonight (thank Markus).
>
I saw that.. I'm still interested in a break down to where OpenSSH would
be prone to such attacks. I'm sure v1 would easily be, but the complexity
of v2 makes me wonder. <shrug> Still better be safe than sorry.
> > The issue is not a LAN-only issue, BTW. Packet delay variation is
> > usually higher in LANs than in WANs.
>
> I'm curious about this - do you have a reference or some evidence?
>
I don't agree with him. t may take longer for a WAN connection, but you
can easily isolate the timing at anytime between two points on a WAN. It
has been proven many times. Just because the timing rate changes does not
make it impossible.
- Ben
More information about the openssh-unix-dev
mailing list