[RndTbl] openssl bug
Trevor Cordes
trevor at tecnopolis.ca
Mon Mar 14 00:31:20 CDT 2016
A side-channel attack was found which makes use of cache-bank conflicts on
the Intel Sandy-Bridge microarchitecture which could lead to the recovery
of RSA keys. The ability to exploit this issue is limited as it relies on
an attacker who has control of code in a thread running on the same
hyper-threaded core as the victim thread which is performing decryptions.
This issue affects OpenSSL versions 1.0.2 and 1.0.1.
========
Uhh... Umm... OK. How does one decide to start looking at hardware
cache-bank conflicts to hack RSA keys?

Worse yet, how is a programmer supposed to think of this stuff in his
"brainstorm what can go wrong" phase of programming? "Oh, I need to alter
my code to ensure it uses different cache banks on Sandy-Bridge." This is
insane.