[Ach] interesting side channel attack against openssl < 1.0.0l
L. Aaron Kaplan
kaplan at cert.at
Wed Mar 26 10:57:12 CET 2014
Hi bettercrypto-niks,
FYI:
http://cxsecurity.com/issue/WLB-2014030197
is an interesting discussion on how to do Yuval Yarom's FLUSH+RELOAD attack on getting ECDSA nonces via side channel attacks.
Might make sense to upgrade to openssl 1.0.0l where this seems to have been fixed by Yuval.
Cheers,
Aaron.
---
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Company register number 172568b, LG Salzburg