| Issue | Does vulnerability CVE-2007-3108 affect SSL-C? |
"The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys."
This is RSA's official position:
A potential vulnerability was recently discovered in the implementation of the RSA algorithm in OpenSSL; the RSA BSAFE products include a similar, though not identical, implementation of the RSA algorithm. The approach can be applied against software implementations of most cryptographic algorithms, including ECC. Since it is difficult to exploit this theoretical approach in practice, RSA continues to monitor the situation closely and to take this new attack scheme into account in the planning of our future version of RSA BSAFE products.
| Legacy Article ID | a37639 |