@matthew_d_green I.e., that the blinding factor won't have enough entropy to be safe?
@matthew_d_green ...and then using it *only for blinding* so no entropy derived from the key ever appears outside OpenSSL be safer?
@puellavulnerata Well it's not clear that no entropy from the key wouldn't appear outside of OpenSSL. Blinding (in theory) affects timings.
@puellavulnerata But more to the point, it's /probably/ safe to seed with a hash of the private key. But much safer to abort...
@puellavulnerata ...or switch to constant time decryption.
End of conversation
New conversation
@matthew_d_green isn't the whole point "seed from urandom else hard fail"? The pool is *always* seeded, this is just deleting dead code.
@eqe Wasn't this the whole point of Mining Ps and Qs?
@eqe Truthfully I don't know. The code was added because someone thought it could happen. It was removed because someone feared it could.
@matthew_d_green obsd doesn't need workarounds for shitty kernels because theirs isn't (at least not like that). They *should* delete it.
End of conversation
New conversation
@matthew_d_green um, should someone maybe mention that to them?
@matthew_d_green casual semidisclosure is MY job!
@0xabad1dea @matthew_d_green 75% of those commits deserve a critical notification to OpenSSL :/
End of conversation
New conversation
@matthew_d_green It seems to me it should have been replaced with an assert, if the idea is to fail hard when entropy isn't seeded.
@defiler I think the idea was not to fail hard. I don't know why they felt they needed to keep going. I assume they had some reason.
End of conversation
New conversation
@matthew_d_green Given that the RSA key is static, wouldn't the timing attack be still possible even without the removal of that part?
@renaudallard It sucks yes, but private key + process ID + time (?) seems like it should make the attack impractical...
End of conversation
New conversation
@matthew_d_green RAND_status() always returns 1 in the OpenBSD fork, this is removing dead code!