Date: Tue, 17 Apr 2018 09:51:56 +0530 From: Huzaifa Sidhpurwala <huzaifas@...hat.com> To: oss-security@...ts.openwall.com, Billy Brumley <bbrumley@...il.com> Subject: Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths On 04/16/2018 10:16 PM, Billy Brumley wrote: > 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 > > we verified with a debugger they cumulatively solve (1) (2) and (3). > > Look for our preprint on http://eprint.iacr.org/ soon -- working title > is "One Shot, One Trace, One Key: Cache-Timing Attacks on RSA Key > Generation". We'll update the list with the full URL once it's posted. > Can you post a link to the draft here please? The attack vector is not clear, does the attacker need to be on the same physical machine or is this a cross-vm attack? -- Huzaifa Sidhpurwala / Red Hat Product Security Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ