[openssl-dev] curve25519
Michael Sierchio
kudzu at tenebras.com
Sun Jun 21 23:03:06 UTC 2015
On Sun, Jun 21, 2015 at 3:00 PM, Salz, Rich <rsalz at akamai.com> wrote:
Your analysis is incorrect for servers over the Internet, where the only
> thing that an attacker can measure is time. Power and radiation require
> close proximity and, often, physical intervention. Those are reasonable
> attacks to have in the threat model, but comes after timing considerations.
>
Timing attacks, as Rich notes, can be done remotely. Power and radiant
energy measurements are infeasible in the case of remote servers, esp. in
the case of EC2 instances. The right design goal was adopted in the case
of curve25519 - as you would expect of Dan Bernstein.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150621/7c897264/attachment.html>
More information about the openssl-dev
mailing list