New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Investigate RSA side channel from Usenix Security #1222
Comments
|
Assigned CVE-2017-14737 |
|
will this issue be backported to branch 1.10? thank you |
|
Yes I plan to backport the patch and release 1.10.17 at the same time as 2.3.0 |
|
Fixed in trunk, releases coming on Monday |
|
Any idea if they have released this CacheD tool ? I can't find it. |
|
I emailed the authors on that topic, they replied that it was not public yet and they were considering their options. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Looking through papers from this years Usenix Security I come across an interesting one on identifying cache-based timing channels.
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai
Hm I wonder what bugs they found... from the abstract "Moreover, we have successfully discovered previously unknown issues in two widely used cryptosystems, OpenSSL and Botan." well then!
They analyze 1.10.3 but the paper mentions "we notice that this vulnerability affects
several other versions of Botan, including 1.10.12, 1.10.11, and 1.11.33." (and so presumably 2.x also).
Haven't read the paper carefully enough to understand the issue yet but hopefully this can be addressed in time for 2.3
FTR I never received any contact about this ... shrug
The text was updated successfully, but these errors were encountered: