Hi Herbert,

currently RSA is implemented as the only asymmetric cipher in software. But others must be expected to come. We have seen the DH patch already.

Albeit software asym ciphers are only a fallback, what is your opinion on covering those implementations with countermeasures? Currently RSA does not implement anything and is even susceptible to timing attacks, if I see that right, as the leading zeros are stripped.

In addition to the leading zeros problem, blinding comes to mind. If we do blinding, what type of blinding is sufficient for a fallback (base, exponent, modulus)?

Ciao
Stephan
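
The base and exponent blinding named in the question, plus fixed-length output that keeps leading zero bytes, as an added example that is not part of the original message and not the kernel's code. The toy key, the function names and the 64-bit exponent blinding factor are assumptions; modulus blinding is not shown, and Python's big-integer arithmetic is not constant-time, so this shows only the algebra.

```python
import secrets
from math import gcd

# Constructed toy key for illustration only (two Mersenne primes); not secure.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)                  # private exponent
K = (N.bit_length() + 7) // 8        # modulus length in bytes


def rsa_private_plain(c: int) -> int:
    """Unprotected reference: operand and exponent are used directly."""
    return pow(c, D, N)


def rsa_private_blinded(c: int) -> int:
    """Private-key operation with base and exponent blinding."""
    # Base blinding: pick a random r coprime to N and work on c * r^e mod N,
    # so the value being exponentiated is unknown to whoever chose c.
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    c_blind = (c * pow(r, E, N)) % N

    # Exponent blinding: d + k*phi(N) yields the same result for any k,
    # but the exponent's bit pattern differs on every call.
    d_blind = D + secrets.randbits(64) * PHI

    m_blind = pow(c_blind, d_blind, N)   # equals m * r mod N
    # Unblind by multiplying with r^-1 mod N.
    return (m_blind * pow(r, -1, N)) % N


def encode_fixed(m: int) -> bytes:
    """Always emit K bytes so leading zero bytes are kept, not stripped."""
    return m.to_bytes(K, "big")
```
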