
PACE does use (EC)DH. Not sure if that’s vulnerable as well, or if this is once again a footgun specific to (EC)DSA.



Since it's a non-constant-time implementation of a specific part of the EC operation (modular inversion), my guess would be they reused the code for that everywhere and it's probably also present in ECDH and all other algorithms requiring a modular inversion.
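The "non-constant-time modular inversion" the comment above is talking about, shown concretely as an added example that is not part of the thread and not the code of whatever library is under discussion. It assumes the secp256k1 field prime for P, counts loop iterations as a stand-in for the execution time a timing attacker observes, and the names `inv_euclid`, `inv_fermat`, `_cswap`, `step_profile` and `SAMPLE_SECRET` are mine.

```python
"""Added example (not from the HN thread): a variable-time modular inversion
next to one whose operation count is independent of the secret operand.

Assumptions (mine, not the page's): the field is secp256k1's prime field P,
and "steps" counts loop iterations as a proxy for wall-clock time. Python
big-int arithmetic is not itself constant-time; the point is whether the
algorithm's control flow depends on the data being inverted.
"""
from __future__ import annotations

import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime (public constant)

# Constructed "secret" for the demo; derived from a fixed string, not a real key.
SAMPLE_SECRET = int.from_bytes(
    hashlib.sha256(b"constructed sample, not a real key").digest(), "big"
) % P


def inv_euclid(a: int, p: int = P) -> tuple[int, int]:
    """Extended Euclidean inversion, the classic variable-time algorithm.

    Returns (a^-1 mod p, loop_iterations). The iteration count is a function
    of a, so when a is secret (the ECDSA nonce k, or a projective Z coordinate
    that depends on a secret scalar) the running time leaks information about it.
    """
    if not 0 < a < p:
        raise ValueError("a must be in [1, p-1]")
    r0, r1 = p, a
    s0, s1 = 0, 1
    steps = 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
        steps += 1
    if r0 != 1:
        raise ValueError("a is not invertible mod p")
    return s0 % p, steps


def _cswap(swap: int, x: int, y: int) -> tuple[int, int]:
    """Conditional swap by arithmetic masking instead of a branch; swap in {0, 1}."""
    mask = -swap  # 0 -> 0, 1 -> ...1111 (all bits set)
    t = (x ^ y) & mask
    return x ^ t, y ^ t


def inv_fermat(a: int, p: int = P) -> tuple[int, int]:
    """Inversion as a^(p-2) mod p with a Montgomery ladder.

    Every exponent bit does exactly one multiplication and one squaring, and
    operands are routed with _cswap rather than if/else, so the sequence and
    count of operations do not depend on a. The exponent p-2 is public, so
    its bit pattern is not a secret.
    """
    if not 0 < a < p:
        raise ValueError("a must be in [1, p-1]")
    e = p - 2
    r0, r1 = 1, a  # ladder invariant: r1 == r0 * a (mod p)
    steps = 0
    for i in range(e.bit_length() - 1, -1, -1):
        bit = (e >> i) & 1
        r0, r1 = _cswap(bit, r0, r1)
        r1 = (r0 * r1) % p
        r0 = (r0 * r0) % p
        r0, r1 = _cswap(bit, r0, r1)
        steps += 1
    return r0, steps


def step_profile(values: list[int]) -> dict[str, list[int]]:
    """Iteration counts of both routines over the same inputs.

    An attacker timing the 'euclid' routine sees a value that varies with the
    secret; the 'fermat' routine's count is flat.
    """
    return {
        "euclid": [inv_euclid(v)[1] for v in values],
        "fermat": [inv_fermat(v)[1] for v in values],
    }


if __name__ == "__main__":
    # Constructed inputs: tiny values, the largest field element, a random-looking secret.
    samples = [1, 2, 3, P - 1, SAMPLE_SECRET]
    prof = step_profile(samples)
    for v, e, f in zip(samples, prof["euclid"], prof["fermat"]):
        assert inv_euclid(v)[0] == inv_fermat(v)[0] == pow(v, -1, P)
        print(f"a={v:>78d}  euclid steps={e:4d}  fermat steps={f}")
```

Running it shows single-digit Euclid step counts for inputs like 1, 2 or P-1 and around 150 for a random-looking 256-bit value, while the ladder always performs 256 iterations. In ECDSA the inverted secret is the per-signature nonce; in an ECDH implementation that works in projective (e.g. Jacobian) coordinates, the same inversion routine is typically called to convert the shared point back to affine form, and that Z coordinate is itself a function of the secret scalar, which is the route by which a leaky inversion shared across primitives would matter for ECDH as well. Production libraries get a constant-time inversion either from a fixed-ladder exponentiation like the one above or from a constant-time binary GCD variant.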





