Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 25 Apr 2018 11:11:14 +0530
From: Huzaifa Sidhpurwala <>
Subject: Re: CVE-2018-0737 OpenSSL: RSA key generation follows
 several non constant time code paths

On 04/24/2018 09:18 PM, Billy Brumley wrote:
>>> Look for our preprint on soon -- working title
>>> is "One Shot, One Trace, One Key: Cache-Timing Attacks on RSA Key
>>> Generation". We'll update the list with the full URL once it's posted.
>> Can you post a link to the draft here please?
> The preprint is now up:
>> The attack vector is not clear, does the attacker need to be on the same
>> physical machine or is this a cross-vm attack?
> Your statement is pretty accurate. (Although I fail to see the
> difference between physical machine and cross-vm.)
Physical machine implies, the attacker and victim is on the same host
(real computer or a vm). Cross-vm implies attacker and the victim can be
on two different virtual machines, running on the same hypervisor.


Huzaifa Sidhpurwala / Red Hat Product Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ