oss-sec mailing list archives

Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL)


From: Casper Thomsen <ct () clearhaus com>
Date: Thu, 12 Jan 2017 11:15:44 +0100

On Tue, Jan 10, 2017 at 4:50 PM, Cesar Pereida Garcia
<cesar.pereidagarcia () tut fi> wrote:
> Vendor: OpenSSL, LibreSSL, BoringSSL

Noticed on https://nacl.cr.yp.to/features.html:

Support for standard primitives
Whenever NaCl includes (...) a newly proposed signature system, etc., it also includes (...) [TO DO:] an older standard signature system (e.g., ECDSA using the NIST P-256 elliptic curve)

I couldn't find traces of ECDSA in NaCl and the "[TO DO]" suggests that
there are in fact none.

Anyone able to reject the "non-findings"?

Kindly,
-- 
Casper Thomsen

