Full Disclosure mailing list archives
[IAIK JCE] Timing Attack Side Channel in DSA Implementation
From: Giuseppe Cocomazzi <sbudella () gmail com>
Date: Fri, 22 May 2020 15:22:38 +0200
IAIK JCE is a provider for the Java Cryptography Extension that, according to the vendor, "supplements the security functionality of the default JDK". It is a commercial product developed by Stiftung Secure Information and Communication Technologies: https://jce.iaik.tugraz.at/about-us/ The way that some of the computations involved in the signature generation are carried out introduces a side channel that leaks timing information about the ephemeral number k. Full details about the vulnerability are available here: http://sbudella.altervista.org/blog/20200521-iaik-timing.html Giuseppe Cocomazzi http://sbudella.altervista.org _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- [IAIK JCE] Timing Attack Side Channel in DSA Implementation Giuseppe Cocomazzi (May 22)