1995-12-13 - Timing RSA and Certificates worth ??

Header Data

From: lyalc@mail.mpx.com.au (lyal collins)
To: cypherpunks@toad.com
Message Hash: 2d004b78ce022cebe1fde027ff2a1d5bc46b731b6803823506f23df9d5492b9c
Message ID: <m0tPgKo-0006MlC@kyoko.mpx.com.au>
Reply To: N/A
UTC Datetime: 1995-12-13 02:57:27 UTC
Raw Date: Wed, 13 Dec 1995 10:57:27 +0800

Raw message

From: lyalc@mail.mpx.com.au (lyal collins)
Date: Wed, 13 Dec 1995 10:57:27 +0800
To: cypherpunks@toad.com
Subject: Timing RSA and Certificates worth ??
Message-ID: <m0tPgKo-0006MlC@kyoko.mpx.com.au>
MIME-Version: 1.0
Content-Type: text/plain


oops
Earlier, I said :
>
>My limited mind induces me to think that a certificate become subject to
timing attacks on the RSA private signing key.
>In this case, certificate verification  processes seem flawed and highly
unreliable.

I meant that on-line certificate issuing, notary and similar services where
data is submitted to a system for processing/RSA encryption are subject to
this for of attack.
Parts of the SEPP/STT protocols appear to require this of merchants and
customers.
I retract my comments about ecash/echeques - I'm not sure of the
implications there yet.
As for SEPP/STT - another nail in the coffin, me thinks.
lyal






Thread