Date: Tue, 17 May 2005 16:18:32 -0700
From: Colin Percival <cperciva@freebsd.org>
To: David Schultz <das@freebsd.org>
Cc: "Drew B. [Security Expertise/Freelance Security research]." <d4rkstorm@gmail.com>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED]
Message-ID: <428A7BC8.2070405@freebsd.org>
In-Reply-To: <20050517225023.GA55428@VARK.MIT.EDU>
References: <245f0df105051318564b1ffb6b@mail.gmail.com> <94145.1116037219@critter.freebsd.dk> <20050517225023.GA55428@VARK.MIT.EDU>
David Schultz wrote:
> Some colleagues and I have a paper in submission that addresses
> the issue of key-dependent control flow, much as you describe.

Care to send me a pre-print?

> If you're willing to wait a day or two, you don't even need to
> have a local account:
>
> http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html

1. The Boneh-Brumley attack is specific to a particular method of
performing large integer arithmetic (and thus only applies to RSA, DH,
and DSS). My attack applies to essentially all code -- both crypto and
non-crypto -- although I picked RSA/OpenSSL as a good demonstration
platform.

2. The Boneh-Brumley attack was fixed two years ago.

> I'm just reading Colin's paper now---so as you say, it sounds like
> the punchline is that having a local account buys you a few orders
> of magnitude in attack time. Kewl.

No. On hyperthreaded systems which don't run FreeBSD or SCO, having a
local account buys you an attack which would otherwise be impossible.
(Unless you're running a really old version of OpenSSL.)

Colin Percival
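The thread's point is "key-dependent control flow": code whose sequence of operations (and therefore its cache and timing footprint, observable from a sibling hyperthread) depends on secret bits. The following is an added illustration, not code from the message, from Colin Percival's paper or from OpenSSL. It places a textbook square-and-multiply modular exponentiation, which performs an extra multiplication only when the exponent bit is 1, beside a Montgomery-ladder version that does the same work for every bit and selects operands with a mask instead of a branch. The instrumentation counter and the 64-bit toy modulus are assumptions for demonstration; real RSA uses multi-limb arithmetic, but the control-flow property is the same.

```c
#include <stdint.h>
#include <stdio.h>

typedef unsigned __int128 u128;

/* Instrumentation only: counts multiplications so the two variants'
 * operation traces can be compared. Not part of a real implementation. */
static unsigned long g_mulmod_calls;

/* (a * b) mod m for m < 2^63, using a 128-bit intermediate. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    g_mulmod_calls++;
    return (uint64_t)(((u128)a * b) % m);
}

/* Textbook square-and-multiply: the second multiplication runs only
 * when the current exponent bit is 1, so the number and pattern of
 * multiplications leaks the exponent (the secret). */
uint64_t modexp_leaky(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1 % m;
    base %= m;
    for (int i = 63; i >= 0; i--) {
        result = mulmod(result, result, m);
        if ((exp >> i) & 1)              /* key-dependent branch */
            result = mulmod(result, base, m);
    }
    return result;
}

/* Branch-free select: mask all-ones returns a, mask zero returns b. */
static uint64_t ct_select(uint64_t mask, uint64_t a, uint64_t b) {
    return (a & mask) | (b & ~mask);
}

/* Montgomery ladder: every iteration performs exactly one squaring and
 * one multiplication regardless of the exponent bit. Invariant across
 * iterations: r1 == r0 * base (mod m). */
uint64_t modexp_ladder(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r0 = 1 % m, r1 = base % m;
    for (int i = 63; i >= 0; i--) {
        uint64_t bit  = (exp >> i) & 1;
        uint64_t mask = 0 - bit;         /* 0x00..0 or 0xFF..F */
        /* (a, b) = bit ? (r1, r0) : (r0, r1), chosen without branching */
        uint64_t a = ct_select(mask, r1, r0);
        uint64_t b = ct_select(mask, r0, r1);
        b = mulmod(a, b, m);             /* product of the two registers */
        a = mulmod(a, a, m);             /* square of the selected one */
        r0 = ct_select(mask, b, a);
        r1 = ct_select(mask, a, b);
    }
    return r0;
}

/* Helpers that return the multiplication count for a given exponent. */
unsigned long count_mulmods_leaky(uint64_t base, uint64_t exp, uint64_t m) {
    g_mulmod_calls = 0;
    (void)modexp_leaky(base, exp, m);
    return g_mulmod_calls;
}

unsigned long count_mulmods_ladder(uint64_t base, uint64_t exp, uint64_t m) {
    g_mulmod_calls = 0;
    (void)modexp_ladder(base, exp, m);
    return g_mulmod_calls;
}

int main(void) {
    /* Constructed sample: same base/modulus, two different secret exponents. */
    uint64_t m = 1000000007ULL;
    for (uint64_t e = 1; e <= 0xFFULL; e *= 0xFF) {
        printf("exp=%#llx leaky=%lu mulmods, ladder=%lu mulmods, result=%llu\n",
               (unsigned long long)e,
               count_mulmods_leaky(12345, e, m),
               count_mulmods_ladder(12345, e, m),
               (unsigned long long)modexp_ladder(12345, e, m));
    }
    return 0;
}
```

Both functions return identical results, but only the ladder's multiplication count is independent of the exponent; that invariance (and more generally, memory access patterns independent of the secret) is what a shared-cache observer on a hyperthreaded core cannot exploit.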