Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 24 Apr 2018 18:48:38 +0300
From: Billy Brumley <bbrumley@...il.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE-2018-0737 OpenSSL: RSA key generation follows
 several non constant time code paths

>> Look for our preprint on http://eprint.iacr.org/ soon -- working title
>> is "One Shot, One Trace, One Key: Cache-Timing Attacks on RSA Key
>> Generation". We'll update the list with the full URL once it's posted.
>>
>
>
> Can you post a link to the draft here please?

The preprint is now up: https://eprint.iacr.org/2018/367

> The attack vector is not clear, does the attacker need to be on the same
> physical machine or is this a cross-vm attack?

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-0737

Your statement is pretty accurate. (Although I fail to see the
difference between physical machine and cross-vm.)

BBB

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ