Re: Clarifications on RSA timing attack CVE-2022-4304

On Saturday, 11 March 2023 04:10:58 CET, Girish Yerra wrote:
> Hi All,
> I am not sure if this is the right forum to discuss the aspects of the CVE. Feel free to close this and point me to the right forum.
>
> I am looking for some more specific details on the attack description. I am mainly looking for some of the details and clarifications.
>
> 1. For timing attacks the popular countermeasure is to apply blinding, which makes it timing resistant. Does this countermeasure fail in this case?

While blinding protects against a leaky mod-exp implementation, unblinding
still has to be done in a constant-time manner. That wasn't done.
See some of the discussions in https://github.com/openssl/openssl/pull/20281

> 2. What is the order of the trials that an attacker requires to mount this attack?
>
> Please share any reference paper giving more details of this attack.

We're still working on a paper.

--
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
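To make the distinction in the reply concrete (blinding hides the ciphertext from the leaky mod-exp, but unblinding and the output conversion operate on the secret plaintext), here is an added Python walk-through that is not code from the thread or from OpenSSL. It uses constructed textbook-sized RSA parameters, and Python's `pow` is itself not constant time, so it shows the structure of the steps and the kind of data-dependent output length that must be avoided, not a timing-safe implementation.

```python
import math
import secrets

# Constructed toy RSA key (not a real key): p=61, q=53, n=3233, e=17, d=2753.
N, E, D = 3233, 17, 2753


def rsa_decrypt_blinded(c, d, e, n, r=None):
    """Blinded RSA decryption; returns (m, c_blind, m_blind) for inspection."""
    if r is None:
        # Fresh random blinding factor coprime to n (toy helper, not OpenSSL's).
        while True:
            r = 2 + secrets.randbelow(n - 2)
            if math.gcd(r, n) == 1:
                break
    # Blinding: the mod-exp only ever sees c * r^e, which is independent of c.
    c_blind = (c * pow(r, e, n)) % n
    # Leaky mod-exp is acceptable here because its input is random-looking.
    m_blind = pow(c_blind, d, n)          # equals m * r mod n
    # Unblinding: multiplies by r^-1 and yields the secret m. From this point on
    # every operation (multiplication, reduction, byte conversion) handles secret
    # data, so it must not branch or vary in length on that data.
    r_inv = pow(r, -1, n)
    m = (m_blind * r_inv) % n
    return m, c_blind, m_blind


def to_fixed_length(m, n):
    """Fixed-width encoding: length never depends on leading zero bytes of m."""
    k = (n.bit_length() + 7) // 8
    return m.to_bytes(k, "big")


def to_minimal_length(m):
    """Minimal encoding: length (and thus work done) reveals leading zero bytes."""
    return m.to_bytes((m.bit_length() + 7) // 8 or 1, "big")


def encoding_lengths(n):
    """Set of output lengths each encoder produces over all plaintexts < n."""
    fixed = {len(to_fixed_length(m, n)) for m in range(1, n)}
    minimal = {len(to_minimal_length(m)) for m in range(1, n)}
    return fixed, minimal


if __name__ == "__main__":
    c = pow(65, E, N)                       # encrypt m = 65 -> c = 2790
    print(rsa_decrypt_blinded(c, D, E, N, r=7))
    print(encoding_lengths(N))              # fixed: {2}, minimal: {1, 2}
```

The `encoding_lengths` result is the point of the reply in miniature: a minimal-length conversion after unblinding produces a plaintext-dependent amount of work, while the fixed-width form does not.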
