FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED]
Colin Percival
cperciva at freebsd.org
Tue May 17 16:19:44 PDT 2005
David Schultz wrote:
> Some colleagues and I have a paper in submission that addresses
> the issue of key-dependent control flow, much as you describe.
Care to send me a pre-print?
> If you're willing to wait a day or two, you don't even need to
> have a local account:
>
> http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html
1. The Boneh-Brumley attack is specific to a particular method of
performing large integer arithmetic (and thus only applies to RSA,
DH, and DSS). My attack applies to essentially all code -- both
crypto and non-crypto -- although I picked RSA/OpenSSL as a good
demonstration platform.
2. The Boneh-Brumley attack was fixed two years ago.
> I'm just reading Colin's paper now---so as you say, it sounds like
> the punchline is that having a local account buys you a few orders
> of magnitude in attack time. Kewl.
No. On hyperthreaded systems which don't run FreeBSD or SCO, having
a local account buys you an attack which would otherwise be impossible.
(Unless you're running a really old version of OpenSSL.)
Colin Percival
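As an added illustration of the "key-dependent control flow" the thread refers to (this is example code written for this page, not code from the advisory, from OpenSSL, or from either paper), the block below shows a toy square-and-multiply modular exponentiation whose branch pattern follows the secret exponent, next to a branch-free variant that does the same work on every iteration and only selects the result with a mask. The instrumentation counter is there to make the difference visible: the naive version's multiply count depends on the exponent's bits, the constant-time version's does not. The sizes are assumptions chosen so the arithmetic fits in 64-bit integers (modulus below 2^32, 64-bit exponent); it is not the multi-precision code the advisory concerns, and a compiler is free to turn the mask-based select back into a branch, so real implementations verify the generated code. On a hyperthreaded system, as the message says, branching is also not the only thing a sibling thread can observe, so removing branches is one step rather than the whole fix.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Instrumentation only: counts mulmod() calls so the two variants' work can
 * be compared. Not something production code would carry. */
static size_t g_mul_calls;

/* Modular multiplication. Assumption: a, b < m < 2^32 so a*b fits in 64 bits. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    g_mul_calls++;
    return (a * b) % m;
}

/* Naive left-to-right square-and-multiply. The multiply step runs only when
 * the current exponent bit is 1, so the sequence of executed instructions
 * (and therefore the footprint a co-scheduled thread could observe) depends
 * on the secret exponent. */
uint64_t modexp_branchy(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1 % m;
    base %= m;
    for (int i = 63; i >= 0; i--) {
        result = mulmod(result, result, m);
        if ((exp >> i) & 1) {               /* secret-dependent branch */
            result = mulmod(result, base, m);
        }
    }
    return result;
}

/* Branch-free select: returns b when bit == 1, a when bit == 0.
 * bit must be exactly 0 or 1. */
static uint64_t ct_select(uint64_t a, uint64_t b, uint64_t bit) {
    uint64_t mask = 0 - bit;                /* all ones if bit == 1, else 0 */
    return (a & ~mask) | (b & mask);
}

/* Same computation with uniform control flow: every iteration performs one
 * square and one multiply; the exponent bit only chooses which value is kept. */
uint64_t modexp_ct(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1 % m;
    base %= m;
    for (int i = 63; i >= 0; i--) {
        uint64_t sq  = mulmod(result, result, m);
        uint64_t mul = mulmod(sq, base, m);  /* computed whether or not it is used */
        result = ct_select(sq, mul, (exp >> i) & 1);
    }
    return result;
}

/* Number of mulmod() calls made by each variant for a given input. */
size_t count_mul_branchy(uint64_t base, uint64_t exp, uint64_t m) {
    g_mul_calls = 0;
    (void)modexp_branchy(base, exp, m);
    return g_mul_calls;
}

size_t count_mul_ct(uint64_t base, uint64_t exp, uint64_t m) {
    g_mul_calls = 0;
    (void)modexp_ct(base, exp, m);
    return g_mul_calls;
}

int main(void) {
    /* Constructed sample: 4^13 mod 497 = 445; exponent 13 = 0b1101 has 3 set bits. */
    printf("branchy: %llu after %zu multiplies\n",
           (unsigned long long)modexp_branchy(4, 13, 497), count_mul_branchy(4, 13, 497));
    printf("ct:      %llu after %zu multiplies\n",
           (unsigned long long)modexp_ct(4, 13, 497), count_mul_ct(4, 13, 497));
    return 0;
}
```

The naive variant performs 64 squarings plus one multiply per set exponent bit, so its operation count (and branch trace) changes with the key; the constant-time variant always performs 128 multiplications regardless of the exponent.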