The RSA Labs bulletin, number 2, asserts that
DSA may be vulnerable to the Kocher timing attack.
Given KEA is also known to be a (classified) public key
algorithm using partially fixed keying material, it may
also be affected.
The Fortezza cards now in large-scale circulation have
both KEA and DSA support, being manufactured prior
to the public discussion of Kocher.
Has anyone tried to determine whether the Capstone
chip counters the timing attack?
If it does, this is an interesting fact.
If it doesn't, this is also an interesting fact.
Fortezza devices, without positive clarification, are (slightly) suspect
technology, surely. The reference MOSS implementation of security
with Fortezza, Clipper algorithms, Capstone, etc., might be
affected, which is the underlying protocol concern I have here:
Would or could MOSS/Fortezza processes themselves be constructed
to introduce an appropriate countermeasure, when the protocol is used
in an online email responder mode, as in the suggested certificate
validation services, susceptible to timing attacks?
Would, incidentally to this list, MSP with DSA/KEA from Fortezza
devices, when used in automatic list exploder mode, also be faced
with the same issues?
Are there _protocol actions_ we could take to reduce any
Fortezza-induced crypto problem, if any?
Peter.
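The following is an added example and is not part of Peter's message, nor code from any Fortezza, Capstone or MOSS implementation. It models the mechanism behind the Kocher timing attack that the bulletin warns about for DSA: the per-signature exponentiation r = (g^k mod p) mod q, if done with a plain square-and-multiply, performs an extra multiplication for every 1-bit of the secret k, so its running time depends on k. The "time" below is a constructed operation count, not a measurement of any real device; the toy DSA parameters (p = 23, q = 11, g = 4) and all function names are assumptions chosen for illustration. The Montgomery ladder with a constant-time swap is shown beside it as the kind of countermeasure an implementation, rather than the protocol, would need to supply.

```python
# Added example, not part of the original post. Constructed operation
# counts stand in for timing; toy parameters p=23, q=11, g=4 are assumed.

def naive_modexp(base, exp, mod):
    """Left-to-right square-and-multiply.
    Returns (result, ops) where ops models time: one unit per squaring
    and one per multiply. The multiply runs only for 1-bits of exp,
    so ops = bit_length(exp) + hamming_weight(exp): a data-dependent leak."""
    result = 1
    ops = 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        ops += 1
        if bit == "1":
            result = (result * base) % mod
            ops += 1  # executed only for 1-bits: this is what leaks
    return result, ops


def cswap(bit, a, b):
    """Constant-time conditional swap: swap a and b iff bit == 1,
    using a mask instead of a secret-dependent branch."""
    mask = -bit                # 0 if bit == 0, all-ones if bit == 1
    t = (a ^ b) & mask
    return a ^ t, b ^ t


def ladder_modexp(base, exp, mod, bits):
    """Montgomery ladder over a fixed bit width.
    Every iteration does exactly one multiply and one squaring whatever
    the bit is, so ops = 2 * bits is independent of exp."""
    r0, r1 = 1, base % mod
    ops = 0
    for i in range(bits - 1, -1, -1):
        bit = (exp >> i) & 1
        r0, r1 = cswap(bit, r0, r1)
        r1 = (r0 * r1) % mod
        r0 = (r0 * r0) % mod
        r0, r1 = cswap(bit, r0, r1)
        ops += 2
    return r0, ops


# Toy DSA-style parameters (assumed, for illustration only):
# q = 11 divides p - 1 = 22, and g = 4 has order 11 in Z_23*.
P, Q, G = 23, 11, 4
K_BITS = Q.bit_length()


def dsa_r(k, use_ladder):
    """Compute r = (g^k mod p) mod q and return (r, ops)."""
    if use_ladder:
        t, ops = ladder_modexp(G, k, P, K_BITS)
    else:
        t, ops = naive_modexp(G, k, P)
    return t % Q, ops


def timing_profile(ks, use_ladder):
    """Operation counts an observer would see for a list of secret k values."""
    return [dsa_r(k, use_ladder)[1] for k in ks]


def hamming_weight_from_naive_ops(ops, k):
    """What the naive count reveals: ops minus the bit length is the
    number of 1-bits in k (bit length itself also leaks, via the loop count)."""
    return ops - k.bit_length()


if __name__ == "__main__":
    ks = [1, 3, 7, 8, 10]          # per-signature secrets in [1, q-1]
    print("naive  ops:", timing_profile(ks, use_ladder=False))   # varies with k
    print("ladder ops:", timing_profile(ks, use_ladder=True))    # constant
    for k in ks:
        r, ops = dsa_r(k, use_ladder=False)
        print(f"k={k:2d} r={r:2d} ops={ops} 1-bits={hamming_weight_from_naive_ops(ops, k)}")
```

Only the counts change between the two paths; both return the same r, which is what makes the leak easy to miss in functional testing. A responder that signs or performs KEA on demand, as in the online certificate-validation or list-exploder modes asked about above, hands an attacker exactly the repeated, attacker-timed operations such an attack needs, so the countermeasure has to live in the exponentiation (ladder, blinding) rather than in the message format.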