There's a naive belief that hardware crypto means more secure crypto. In reality hardware crypto means crypto that's harder to audit.
I guess this means the device you use the module with can guard against it, but loss of physical control could comprise key.
-
-
that's only one scenario, these errors can happen at random, and that really happens https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf …
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
I wonder if any drivers/sw for usb crypto modules implement this protection.
-
that would be very wise. interesting thought, because there's no reason not to do this, you only need the sig and the public key for it.
-
Further thought: is it still possible to exfil key via padding?
-
I'm not aware of any padding attacks that can leak keys. They usually only allow decrypting or signing with the key.
-
I mean if a malicious hardware module *wanted* to leak bits of the private key in ways its creator could recover.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.