RFR: 8294731: Improve multiplicative inverse for secp256r1 implementation [v2]
Xue-Lei Andrew Fan
xuelei at openjdk.org
Mon Oct 31 17:29:37 UTC 2022
On Mon, 10 Oct 2022 08:21:57 GMT, Ferenc Rakoczi <duke at openjdk.org> wrote:
> ... you only have one chance to measure, so cannot average out noise ...
There are cases where one chance is enough to place an attack. We normally don't discuss vulnerability details in public; please send me an email in private if more details are required.
> ... then again, you probably have better methods to get to the key than trying to measure time.
I may have to agree that better methods may exist. But better methods do not imply that we can let this method go.
-------------
PR: https://git.openjdk.org/jdk/pull/10544
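The exchange above turns on whether a single timing measurement of a field inversion can leak anything. The following is an added illustration, not code from the JDK or from this PR, written in Python rather than the JDK's Java: it contrasts an extended-Euclid inverse, whose loop count depends on the input, with a Fermat-style inverse that always performs the same 256 squarings and 256 multiplications over the secp256r1 prime. The function names `euclid_inverse`, `fermat_inverse` and `step_counts_vary` are my own. Python big-integer arithmetic is not itself constant time, so the block models only the control-flow and operation-count leak, which is exactly what one timing sample can observe.

```python
# Added example (not the JDK's code): variable-time vs fixed-operation-count
# modular inverse over the secp256r1 field prime.
# Python integers are not constant time; only the operation count is modelled.

P256 = 2**256 - 2**224 + 2**192 + 2**96 - 1   # secp256r1 field prime


def euclid_inverse(a, p=P256):
    """Extended Euclid. Returns (a^-1 mod p, number of loop iterations).

    Invariant: r_i == t_i * a (mod p). The iteration count depends on the
    value of `a`, so the running time is a function of the secret input.
    """
    r0, r1 = p, a % p
    t0, t1 = 0, 1
    steps = 0
    while r1 != 0:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
        steps += 1
    if r0 != 1:
        raise ValueError("not invertible")
    return t0 % p, steps


def fermat_inverse(a, p=P256):
    """a^(p-2) mod p via a fixed 256-iteration square-and-multiply ladder.

    Every iteration does one squaring and one multiplication; the exponent
    bit selects the result with a mask instead of a branch, so the operation
    count (and the control flow) is identical for every input.
    """
    e = p - 2                      # p is prime, so a^(p-2) is the inverse
    acc = 1
    steps = 0
    for i in range(255, -1, -1):   # p-2 is exactly 256 bits wide
        acc = (acc * acc) % p
        steps += 1
        prod = (acc * a) % p       # computed unconditionally
        steps += 1
        bit = (e >> i) & 1
        mask = -bit                # 0 or -1 (all ones)
        acc = acc ^ ((acc ^ prod) & mask)   # branch-free select
    return acc, steps


def step_counts_vary(inverse, samples):
    """True if the operation count of `inverse` differs across `samples`."""
    return len({inverse(a)[1] for a in samples}) > 1


if __name__ == "__main__":
    # Constructed sample inputs: a tiny value and a larger one.
    samples = [2, 3, 12345678901234567890]
    for a in samples:
        inv_e, n_e = euclid_inverse(a)
        inv_f, n_f = fermat_inverse(a)
        assert inv_e == inv_f and (a * inv_e) % P256 == 1
        print(f"a={a}: euclid steps={n_e}, fermat steps={n_f}")
    print("euclid leaks via step count:", step_counts_vary(euclid_inverse, samples))
    print("fermat leaks via step count:", step_counts_vary(fermat_inverse, samples))
```

The point the reply makes is visible in the step counts: `euclid_inverse` finishes in two iterations for tiny inputs and in many more for a large one, so one observation already separates classes of inputs, while `fermat_inverse` reports the same count for every value. A production implementation additionally needs constant-time limb arithmetic underneath the ladder, which this sketch does not provide.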