Problems: key not rotated enough, lack of entropy. So are these impls vulnerable to side-channel attacks?
#realworldcrypto
"I am not a cryptographer… I work on compilers." Much love to compiler wizards!
#realworldcrypto
One of the two leads at Google for the Spectre response.
#realworldcrypto
There are _so many side channels_. Why even bother trying to mitigate them all? Hard to exploit, there are plenty of other bugs to exploit, and you know, phishing still works.
#realworldcrypto
Well if you use a side-channel attack, you have plausible deniability, no tracks left behind.
#realworldcrypto
The side-channel threat model is (probably) not _your_ threat model…
#realworldcrypto pic.twitter.com/KbA2X8XKA6
Exposing hardware telemetry via APIs can expose hardware side channels as _software observable_ side channels. Eek.
#realworldcrypto
Spectre expands our side-channel risks
#realworldcrypto
"None of the software guarantees that you expected hold. Invisible bugs, that you can't see, everywhere."
#realworldcrypto
There are more side-channel vulns (ones without logos!)
#realworldcrypto
"Many forms of Spectre don't directly impact crypto code." You have to fix them at the hardware and OS level so, 'nothing to worry about'.
#realworldcrypto
We hope hardware will fix these eventually, but it's not happening anytime soon.
#realworldcrypto pic.twitter.com/6crcDrPHex
However, Spectre v1 will not be fixed, for decades. CPU vendors _do not know_ how to fix it. We have to plan on it being around for a long time.
#realworldcrypto
Extracted from test suites at https://github.com/google/safeside
#realworldcrypto pic.twitter.com/VR7F0p1eMF
"It's scary how few of the Spectre v1 mitigations are actually applied or applied correctly."
#realworldcrypto
"These gadgets can look like almost anything, and the attacker can read anything from the process address space."
#realworldcrypto
Spectre v1 will speculatively-execute past this check, spectrev1 don't give an f
#realworldcrypto pic.twitter.com/k6zDwDYiw1
"We know there's a side channel right on the other side of this action, where you will access the private key."
#realworldcrypto
Everyone should read NetSpectre! https://arxiv.org/pdf/1807.10535.pdf …
#realworldcrypto
"The side channel is that you branch to a series of instructions that reduces the speed of the processor."
#realworldcrypto
This is the big case that really needs to care about these attacks: distributed keys for things like TLS termination
#realworldcrypto pic.twitter.com/07ZbbB4iSn
Masking in a branchless way! Low cost mitigation, but hard to deploy
#realworldcrypto pic.twitter.com/4aiP3FkZfX
It just doesn't work very often in practice
#realworldcrypto
crypto as in 'cryptography'
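
Added example, not from the thread or the talk's slides: a C sketch of the pattern the thread describes, a bounds check that speculation can run past, next to a branchless index mask. The names `index_mask`, `read_checked`, `read_masked` and `sample_table` are hypothetical, and the empty inline asm assumes GCC or Clang.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data for the demonstration. */
static const uint8_t sample_table[4] = {10, 20, 30, 40};

/* Branchless mask: all ones when idx < len, zero otherwise.
 * Assumes len <= SIZE_MAX / 2 so the top bit works as a sign bit. */
size_t index_mask(size_t idx, size_t len)
{
    /* Top bit of (idx | (len - 1 - idx)) is set exactly when idx >= len. */
    size_t oob = (idx | (len - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return oob - 1; /* oob == 0 -> SIZE_MAX, oob == 1 -> 0 */
}

/* Architecturally correct, but a mispredicted branch lets the load
 * issue speculatively with an out-of-range idx. */
uint8_t read_checked(const uint8_t *table, size_t len, size_t idx)
{
    if (idx < len)
        return table[idx];
    return 0;
}

/* Same check, plus a data dependency that clamps idx to 0 when it is
 * out of range, so a speculative load stays inside the table. */
uint8_t read_masked(const uint8_t *table, size_t len, size_t idx)
{
    if (idx < len) {
        /* Assumption: GCC/Clang. Hides idx from the optimizer so it cannot
         * use the branch condition to fold the mask to a constant. */
        __asm__ volatile("" : "+r"(idx));
        idx &= index_mask(idx, len);
        return table[idx];
    }
    return 0;
}

int main(void)
{
    printf("%u %u\n", read_checked(sample_table, 4, 2),
           read_masked(sample_table, 4, 9));
    return 0;
}
```

Check the generated assembly at your optimization level: the mitigation only holds if the mask is still computed from data rather than re-derived from the branch.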