FYI: Flush+Reload attack on OpenSSL's ECDSA
Damien Miller
djm at mindrot.org
Sun Mar 2 20:59:12 EST 2014
On Sat, 1 Mar 2014, mancha wrote:
> Here's a recently-published paper that describes a flush & reload
> attack on OpenSSL's ECDSA implementation:
>
> http://eprint.iacr.org/2014/140.pdf
>
> According to the authors, snooping a single signing round is
> sufficient to recover the secret key.
It sounds like an interesting technique, though I note that they
attacked signing using one of the GF(2^m) curves rather than the
GP(p) curves that almost everything uses. Why?
-d
More information about the openssh-unix-dev
mailing list