[Ach] interesting side channel attack against openssl < 1.0.0l

L. Aaron Kaplan kaplan at cert.at
Wed Mar 26 10:57:12 CET 2014


Hi bettercrypto-niks,


FYI:

  http://cxsecurity.com/issue/WLB-2014030197

is an interesting discussion on how to do Yuval Yarom's FLUSH+RELOAD attack on getting ECDSA nounces via side channel attacks.
Might make sense to upgrade to openssl 1.0.0l where this seems to have been fixed by Yuval.

Cheers,
Aaron.



--- 
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// Eine Initiative der nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20140326/bf3e2808/attachment.sig>


More information about the Ach mailing list