Date: Tue, 24 Apr 2018 18:48:38 +0300 From: Billy Brumley <bbrumley@...il.com> Cc: oss-security@...ts.openwall.com Subject: Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths >> Look for our preprint on http://eprint.iacr.org/ soon -- working title >> is "One Shot, One Trace, One Key: Cache-Timing Attacks on RSA Key >> Generation". We'll update the list with the full URL once it's posted. >> > > > Can you post a link to the draft here please? The preprint is now up: https://eprint.iacr.org/2018/367 > The attack vector is not clear, does the attacker need to be on the same > physical machine or is this a cross-vm attack? https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-0737 Your statement is pretty accurate. (Although I fail to see the difference between physical machine and cross-vm.) BBB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ