nettle perl bindings

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Thu Mar 17 10:59:46 CET 2011


On Thu, Mar 17, 2011 at 10:35 AM, Niels Möller <nisse at lysator.liu.se> wrote:
> Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
>
>> My understanding is that RSA blinding is a countermeasure against timing
>> attacks, and that it introduces a new dependency on some sort of RNG
>> (though perhaps a weak one?) to parts of the process that wouldn't
>> otherwise need it.
> I confess I don't remember the details of why blinding is desirable.
> Does it improve hiding of the key, message, or both?

Actually RSA has pretty much limited utility without blinding since
retrieving the RSA private key from a web server has been shown
practical since 2003 and attacks were known since 1996 (Kocher).
gnutls implements blinding over nettle's functions. You might add a
warning on the documentation of nettle's functions.

The papers discussing the attacks:
* Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and
Other Systems by Kocher (1996)
* Remote timing attacks are practical by Boneh and Brumley
* Improving Brumley and Boneh Timing Attack on Unprotected SSL Implementations

regards,
Nikos
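The blinding countermeasure the thread is about, as an added example that is not code from nettle or gnutls and not part of the original mail. It shows the standard multiplicative blinding for an RSA private-key operation: pick a random r coprime to n, exponentiate (m * r^e) mod n instead of m, and strip r afterwards, so the base of the secret exponentiation is unrelated to the attacker-chosen input on every call. The key (primes P and Q, exponent E) is a constructed toy key for demonstration only, and `secrets.randbelow` stands in for whatever RNG the real implementation supplies; that RNG dependency is the one Daniel mentions above.

```python
import secrets
from math import gcd

# Constructed demonstration key: two small known primes, NOT a real RSA key.
P = 1000000007
Q = 998244353
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)  # private exponent, requires Python 3.8+ for pow(x, -1, m)


def rsa_private_unblinded(m, d=D, n=N):
    """Plain m^d mod n: the base of the secret exponentiation is the
    attacker-controlled input itself, which is what timing attacks exploit."""
    return pow(m, d, n)


def choose_blinding_factor(n, rng=secrets.randbelow):
    """Pick r in [2, n) with gcd(r, n) == 1 so that r is invertible mod n.
    For a realistic n the loop almost never repeats; gcd(r, n) != 1 would
    in fact reveal a factor of n."""
    while True:
        r = rng(n)
        if r > 1 and gcd(r, n) == 1:
            return r


def rsa_private_blinded(m, d=D, e=E, n=N, rng=secrets.randbelow):
    """m^d mod n computed via a blinded base.

    s' = (m * r^e)^d = m^d * r^(e*d) = m^d * r   (mod n), since e*d = 1 mod phi
    s  = s' * r^-1 = m^d                          (mod n)
    The secret exponentiation therefore runs over m * r^e, which the
    attacker cannot predict, rather than over m.
    """
    r = choose_blinding_factor(n, rng)
    r_inv = pow(r, -1, n)
    blinded_base = (m * pow(r, e, n)) % n
    s_blinded = pow(blinded_base, d, n)
    return (s_blinded * r_inv) % n


def blinded_base_for(m, r, e=E, n=N):
    """Expose the blinded base for a given r, to show that the value fed to
    the private exponentiation changes with r even though m is fixed."""
    return (m * pow(r, e, n)) % n


def verify(m, s, e=E, n=N):
    """Public-key check that s is a valid RSA private-key output for m."""
    return pow(s, e, n) == m


if __name__ == "__main__":
    msg = 123456789
    s_plain = rsa_private_unblinded(msg)
    s_blind = rsa_private_blinded(msg)
    print("unblinded:", s_plain)
    print("blinded:  ", s_blind, "(same result)")
    print("verifies:", verify(msg, s_blind))
    r1, r2 = choose_blinding_factor(N), choose_blinding_factor(N)
    print("base seen by exponentiation differs per call:",
          blinded_base_for(msg, r1) != blinded_base_for(msg, r2))
```

The two private-key functions return identical values, so blinding is transparent to the caller; what changes is that the modular exponentiation with d never sees the input an attacker submitted. Because the unblinding step relies on r^-1, the factor must be freshly drawn and unpredictable for each operation (a fixed or guessable r restores the correlation between input and timing), which is why the countermeasure pulls an RNG into a code path that otherwise needs none.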

