On Sat, Mar 05, 2016 at 09:25:11AM +0100, Wopot wrote:
> Hello, did you read this paper?
>
> ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side
> Channels
> https://www.cs.tau.ac.il/~tromer/mobilesc/

Tinc 1.0.x and 1.1pre11 are not vulnerable to this specific attack. Some
older 1.1 version might be.

The attack described in the paper focusses on NIST curves. They are
known to be hard to implement using a constant-time algorithm, therefore
they are susceptible to timing and side-channel attacks. Tinc 1.0
doesn't use ECDSA at all, tinc 1.1pre11 uses Ed25519 keys. The latter
are also elliptic curves, but they are implemented using a constant-time
algorithm, and so are not vulnerable to the attack described in the
paper. It's hard to prove that these are completely invulnerable to
side-channel attacks, but it is very unlikely.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
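
The contrast drawn in the reply above, between scalar multiplication whose behaviour depends on the secret and a constant-time one, shown as an added example (not tinc's code and not taken from the paper). It generalizes beyond any particular curve: a toy additive group mod a small prime stands in for curve points, and all names (`mul_double_and_add`, `mul_ladder`, `leaks`) are hypothetical.

```c
#include <stdint.h>
#include <string.h>
/* Assumed toy group: integers mod MOD under addition stand in for curve points.
 * Only the sequence of group operations is modelled; real constant-time code
 * also needs constant-time field arithmetic and memory access. */
#define MOD  1000003u
#define BITS 16
static char trace[2 * BITS + 1];            /* 'D' = double, 'A' = add */
static int tlen;
static void rec(char op) { trace[tlen++] = op; trace[tlen] = '\0'; }
static uint32_t g_add(uint32_t a, uint32_t b) { rec('A'); return (a + b) % MOD; }
static uint32_t g_dbl(uint32_t a) { rec('D'); return (2 * a) % MOD; }

/* Leaky: the add runs only for the 1-bits of the secret scalar k. */
uint32_t mul_double_and_add(uint32_t k, uint32_t P) {
    uint32_t R = 0;
    tlen = 0;
    for (int i = BITS - 1; i >= 0; i--) {
        R = g_dbl(R);
        if ((k >> i) & 1) R = g_add(R, P);
    }
    return R;
}

/* Branch-free conditional swap: the mask is all ones when bit == 1. */
static void cswap(uint32_t *a, uint32_t *b, uint32_t bit) {
    uint32_t t = (0u - bit) & (*a ^ *b);
    *a ^= t; *b ^= t;
}

/* Montgomery ladder: one add and one double per bit, no secret-dependent branch. */
uint32_t mul_ladder(uint32_t k, uint32_t P) {
    uint32_t R0 = 0, R1 = P;               /* invariant: R1 == R0 + P */
    tlen = 0;
    for (int i = BITS - 1; i >= 0; i--) {
        uint32_t bit = (k >> i) & 1;
        cswap(&R0, &R1, bit);
        R1 = g_add(R0, R1);
        R0 = g_dbl(R0);
        cswap(&R0, &R1, bit);
    }
    return R0;
}

/* Returns 1 if the operation sequence differs between two scalars (a leak). */
int leaks(uint32_t (*mul)(uint32_t, uint32_t), uint32_t k1, uint32_t k2) {
    char first[sizeof trace];
    mul(k1, 7); strcpy(first, trace);
    mul(k2, 7);
    return strcmp(first, trace) != 0;
}
```

Calling `leaks(mul_double_and_add, 0x8001, 0xFFFF)` reports a scalar-dependent operation sequence, while `leaks(mul_ladder, 0x8001, 0xFFFF)` does not; the same comparison can serve as a regression check on an implementation's operation trace.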