oss-sec mailing list archives
Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Tue, 17 Apr 2018 09:51:56 +0530
On 04/16/2018 10:16 PM, Billy Brumley wrote:
6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 we verified with a debugger they cumulatively solve (1) (2) and (3). Look for our preprint on http://eprint.iacr.org/ soon -- working title is "One Shot, One Trace, One Key: Cache-Timing Attacks on RSA Key Generation". We'll update the list with the full URL once it's posted.
Can you post a link to the draft here please? The attack vector is not clear, does the attacker need to be on the same physical machine or is this a cross-vm attack? -- Huzaifa Sidhpurwala / Red Hat Product Security Team
Current thread:
- CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 16)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Huzaifa Sidhpurwala (Apr 16)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 24)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Huzaifa Sidhpurwala (Apr 24)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 24)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 19)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Huzaifa Sidhpurwala (Apr 16)