Suppose an OpenSSL buffer overflow allows code exec. Target is running Titus. Can't attacker steal key using, e.g., RSA_NO_PADDING? @__agwa
-
-
Replying to @hashbreaker
@hashbreaker Attacker can use private key to heart's content, but only while he has code exec in outer process. Like storing key in HSM.1 reply 0 retweets 2 likes -
Replying to @hashbreaker
Even if you limit to PKCS, has anyone analyzed how much is leaked from long fake "hashes"? Hashing should be inside security module.
@__agwa2 replies 1 retweet 2 likes
Replying to @hashbreaker
@hashbreaker @__agwa Take that to its logical conclusion: The entire crypto protocol implementation should be in the security module.
5:06 PM - 25 Dec 2015
0 replies
0 retweets
4 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.