The cr.yp.to microblog: 2018.11.15 04:27:19

2018.11.15 04:27:19 (1062909888429359104) from Daniel J. Bernstein:

I'm puzzled that OpenSSL classified PortSmash severity as "low". https://www.openssl.org/news/secadv/20181112.txt I realize that the OpenSSL security policy (https://www.openssl.org/policies/secpolicy.html) defines "hard to exploit" timing attacks as "low" severity, but is someone claiming that PortSmash is "hard to exploit"?