|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Crypto++ Information for VU#997481
| Date Notified: | 2003-02-25 |
| Date Updated: | |
| Statement Date: | |
| Status Summary: | Vulnerable |
Vendor StatementAll factoring-based public key cryptosystems (RSA, Rabin, LUC) implemented in Crypto++ version 5.0 and earlier may be vulnerable to timing attacks similar to the attacks described in the paper by Brumley and Boneh. Crypto++ users who use these cryptosystems in ways that allow observation of decryption times should upgrade to version 5.1 or later. Crypto++ version 5.1 includes additional countermeasures to timing attacks, including blinding for RSA and Rabin decryption. The latest version of Crypto++ may be downloaded from http://www.cryptopp.com.Vendor InformationThe vendor has not provided us with any further information regarding this vulnerability.
AddendumThe CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |