oss-sec mailing list archives
Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths
From: Billy Brumley <bbrumley () gmail com>
Date: Tue, 24 Apr 2018 18:48:38 +0300
Look for our preprint on http://eprint.iacr.org/ soon -- working title is "One Shot, One Trace, One Key: Cache-Timing Attacks on RSA Key Generation". We'll update the list with the full URL once it's posted.Can you post a link to the draft here please?
The preprint is now up: https://eprint.iacr.org/2018/367
The attack vector is not clear, does the attacker need to be on the same physical machine or is this a cross-vm attack?
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-0737 Your statement is pretty accurate. (Although I fail to see the difference between physical machine and cross-vm.) BBB
Current thread:
- CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 16)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Huzaifa Sidhpurwala (Apr 16)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 24)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Huzaifa Sidhpurwala (Apr 24)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 24)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 19)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Huzaifa Sidhpurwala (Apr 16)