There's a naive belief that hardware crypto means more secure crypto. In reality hardware crypto means crypto that's harder to audit.
I was grouping this sort of thing as exfil, but thought it was practical to run tests for.
-
-
RSA-CRT bug means if one calculation goes wrong you leak a key. This may happen after 10 million sigs. or if the device is too hot. or...
-
you can implement a countermeasure against that attack (verify sig before exposing), but you need to see the code to see if it's there
-
I guess this means the device you use the module with can guard against it, but loss of physical control could comprise key.
-
that's only one scenario, these errors can happen at random, and that really happens https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf …
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.