Date: Thu, 12 Jan 2017 11:15:44 +0100 From: Casper Thomsen <ct@...arhaus.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) On Tue, Jan 10, 2017 at 4:50 PM, Cesar Pereida Garcia <cesar.pereidagarcia@....fi> wrote: > Vendor: OpenSSL, LibreSSL, BoringSSL Noticed on https://nacl.cr.yp.to/features.html: > Support for standard primitives > Whenever NaCl includes (...) a newly proposed signature system, etc., it also includes (...) [TO DO:] an older standard signature system (e.g., ECDSA using the NIST P-256 elliptic curve) I couldn't find traces of ECDSA in NaCl and the "[TO DO]" suggest that there are in fact none. Anyone able to reject the "non-findings"? Kindly, -- Casper Thomsen
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.