On Sat, 1 Mar 2014, mancha wrote: > Here's a recently-published paper that describes a flush & reload > attack on OpenSSL's ECDSA implementation: > > http://eprint.iacr.org/2014/140.pdf > > According to the authors, snooping a single signing round is > sufficient to recover the secret key. It sounds like an interesting technique, though I note that they attacked signing using one of the GF(2^m) curves rather than the GP(p) curves that almost everything uses. Why? -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
