[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [oss-security] CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths



On 04/16/2018 10:16 PM, Billy Brumley wrote:

> 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
> 
> we verified with a debugger they cumulatively solve (1) (2) and (3).
> 
> Look for our preprint on http://eprint.iacr.org/ soon -- working title
> is "One Shot, One Trace, One Key: Cache-Timing Attacks on RSA Key
> Generation". We'll update the list with the full URL once it's posted.
> 


Can you post a link to the draft here please?

The attack vector is not clear, does the attacker need to be on the same
physical machine or is this a cross-vm attack?



-- 
Huzaifa Sidhpurwala / Red Hat Product Security Team