Topic: Mental note: ensure EC crypto is not susceptible to side channel attacks (Read 1280 times)
February 25, 2011, 10:38:15 AM
All operations are constant time. I don't know if you have to do more than that to be safe from power/rf analysis too.
February 25, 2011, 09:49:24 AM
I suspect Bouncy Castle doesn't, or at least I didn't see any comments about it in the Bouncy Castle source code yet. I've mostly only looked at the EC code, though. What does OpenSSL do to try to avoid this type of attack?
February 25, 2011, 05:18:36 AM
For people working on mobile clients:
http://threatpost.com/en_us/blogs/attack-can-extract-crypto-keys-mobile-device-signals-021611
OpenSSL has apparently been balanced to try and avoid this type of attack. I don't know about crypto++ or Bouncy Castle.
http://threatpost.com/en_us/blogs/attack-can-extract-crypto-keys-mobile-device-signals-021611
OpenSSL has apparently been balanced to try and avoid this type of attack. I don't know about crypto++ or Bouncy Castle.
Jump to: