Making the rounds, complete w/ sensationalized headline: https://www.theregister.co.uk/2018/06/22/intel_tlbleed_key_data_leak/ … Short version: libgcrypt doesn't follow best practices to avoid side channel leak of keys. Crypto that does (BoringSSL, OpenSSL, BearSSL, maybe others) shouldn't be impacted. Use them, update often.
(BoringSSL always did Ed25519 the way it does now; I'm referring to the implementation of other curves.) Anyway, I don't mean to take away anything from OpenSSL or BoringSSL here but rather I'm just pointing out that it's far from clear that the problem is limited to libgcrypt.
-
-
(see other tweet - to the extent that is the case in both BoringSSL and OpenSSL, TLBleed doesn't seem to make it much worse than existing side-channel attacks)
-
Well, that's less exciting then. I was hoping (having not read the paper that's not available yet) that it would be a more easily-exploitable side channel than the existing side channel attacks.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.