FYI: Flush+Reload attack on OpenSSL's ECDSA

mancha mancha1 at hush.com
Sun Mar 2 08:26:59 EST 2014

Previous message: Call for testing: OpenSSH 6.6
Next message: FYI: Flush+Reload attack on OpenSSL's ECDSA
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Here's a recently-published paper that describes a flush & reload
attack on OpenSSL's ECDSA implementation:

http://eprint.iacr.org/2014/140.pdf

According to the authors, snooping a single signing round is
sufficient to recover the secret key.

--mancha

Previous message: Call for testing: OpenSSH 6.6
Next message: FYI: Flush+Reload attack on OpenSSL's ECDSA
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the openssh-unix-dev mailing list