Constant-Time Callees with Variable-Time Callers: https://eprint.iacr.org/2016/1195 featuring OpenSSL 1.0.1u ECDSA P-256 key recovery vulnerability.
Replying to @a_z_e_t
That paper suggests that BoringSSL is vulnerable, which is wrong. We had independently fixed it, largely thanks to Brian Smith.
The paper clearly indicates an old (Nov 2015) version was vulnerable, not a newer one. You mean that claim in error?
No, the paper is technically correct if you read it very carefully but is very unclear on the point.
I think most people would get the wrong impression and experience tells me that I need to clarify such things quickly.
I agree. Reading through the paper it wasn't clear to me that it had been fixed earlier by @BRIAN_____
IIUC, Intel fixed it. I merely suggested to Google that they merge Intel's fix. Google did so & generalized it.