Security of OpenSSL ECDSA signatures

Aris Adamantiadis aris at
Mon May 23 22:34:48 EST 2011

Le 23/05/11 14:31, Damien Miller a écrit :
> This result concerns binary/GF(2m) fields only and not the prime fields
> that OpenSSH uses in recent versions.
> Unless a similar timing oracle is found for GF(p) fields then no
> OpenSSH-side workaround is required.

Thanks for your explanation, I'm not familiar enough with ECC.



More information about the openssh-unix-dev mailing list