Date: Thu, 12 Jan 2017 11:15:44 +0100 From: Casper Thomsen <ct@...arhaus.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) On Tue, Jan 10, 2017 at 4:50 PM, Cesar Pereida Garcia <cesar.pereidagarcia@....fi> wrote: > Vendor: OpenSSL, LibreSSL, BoringSSL Noticed on https://nacl.cr.yp.to/features.html: > Support for standard primitives > Whenever NaCl includes (...) a newly proposed signature system, etc., it also includes (...) [TO DO:] an older standard signature system (e.g., ECDSA using the NIST P-256 elliptic curve) I couldn't find traces of ECDSA in NaCl and the "[TO DO]" suggest that there are in fact none. Anyone able to reject the "non-findings"? Kindly, -- Casper Thomsen
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ