oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations

From: Roman Drahtmueller <draht () schaltsekun de>
Date: Wed, 08 Jun 2016 22:10:03 +0200


Are we sure that a "low" rating is justified?
DSA is basically dead, until the constant time switch is flicked. The
only countermeasure so far is turning it off. 


Maybe I should be a little more verbose on this:
1) attacker recovers the DSA host key. 
2) attacker mitm-attacks client connections to the server and recovers the user's private key by exploiting the 
vulnerable openssl on the client side 
3) ...

The same principles apply when the computational burden is reversed for client auth, aren't they?

R.

-- 
schaltsekun.de
Previous By Date Next
Previous By Thread Next

Current thread: