Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 08 Jun 2016 22:10:03 +0200
From: Roman Drahtmueller <>
To:,Marcus Meissner <>
Subject: Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations

> Are we sure that a "low" rating is justified?
> DSA is basically dead, until the constant time switch is flicked. The
> only countermeasure so far is turning it off. 

Maybe I should be a little more verbose on this:
1) attacker recovers the DSA host key. 
2) attacker mitm-attacks client connections to the server and recovers the user's private key by exploiting the vulnerable openssl on the client side 
3) ...

The same principles apply when the computational burden is reversed for client auth, aren't they?



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.