From owner-freebsd-security@FreeBSD.ORG Tue May 17 23:19:44 2005
Date: Tue, 17 May 2005 16:18:32 -0700
From: Colin Percival <cperciva@freebsd.org>
To: David Schultz
Cc: freebsd-security@freebsd.org, Poul-Henning Kamp, "Drew B. [Security Expertise/Freelance Security research]."
In-reply-to: <20050517225023.GA55428@VARK.MIT.EDU>
Message-id: <428A7BC8.2070405@freebsd.org>
References: <245f0df105051318564b1ffb6b@mail.gmail.com> <94145.1116037219@critter.freebsd.dk> <20050517225023.GA55428@VARK.MIT.EDU>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED]

David Schultz wrote:
> Some colleagues and I have a paper in submission that addresses
> the issue of key-dependent control flow, much as you describe.

Care to send me a pre-print?

> If you're willing to wait a day or two, you don't even need to
> have a local account:
>
> http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html

1. The Boneh-Brumley attack is specific to a particular method of performing large integer arithmetic (and thus only applies to RSA, DH, and DSS). My attack applies to essentially all code -- both crypto and non-crypto -- although I picked RSA/OpenSSL as a good demonstration platform.

2. The Boneh-Brumley attack was fixed two years ago.

> I'm just reading Colin's paper now---so as you say, it sounds like
> the punchline is that having a local account buys you a few orders
> of magnitude in attack time. Kewl.

No. On hyperthreaded systems which don't run FreeBSD or SCO, having a local account buys you an attack which would otherwise be impossible. (Unless you're running a really old version of OpenSSL.)

Colin Percival
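The distinction the reply draws, between a weakness in one large-integer arithmetic method and key-dependent control flow that any code can exhibit, as an added example that is not from the thread or from OpenSSL: a square-and-multiply loop whose branch follows each exponent bit, beside a Montgomery ladder that runs the same instruction sequence for every bit. The function names, the 64-bit modulus and the use of `unsigned __int128` are my own assumptions, not anything the message describes.

```c
/* Added example (not from the thread or OpenSSL). Assumes a modulus below 2^63
 * and a compiler providing unsigned __int128 (gcc/clang). */
#include <stdint.h>

typedef unsigned __int128 u128;

/* Note: '%' on a variable operand is itself not constant-time on most CPUs;
 * this example only removes the key-dependent *control flow*. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)(((u128)a * b) % m);
}

/* Square-and-multiply: the extra multiply runs only when the key bit is 1, so a
 * co-resident observer that sees which code or cache lines are touched can
 * read the exponent bit by bit. */
uint64_t modexp_branchy(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1 % m;
    base %= m;
    for (int i = 63; i >= 0; i--) {
        result = mulmod(result, result, m);
        if ((exp >> i) & 1)            /* branch taken iff key bit is 1 */
            result = mulmod(result, base, m);
    }
    return result;
}

/* Branch-free conditional swap: exchanges *a and *b when bit == 1 and leaves
 * them alone when bit == 0, executing identical instructions either way. */
static void cswap(uint64_t *a, uint64_t *b, uint64_t bit) {
    uint64_t mask = (uint64_t)0 - (bit & 1);   /* all ones or all zeros */
    uint64_t t = (*a ^ *b) & mask;
    *a ^= t;
    *b ^= t;
}

/* Montgomery ladder: exactly one square and one multiply per bit, whatever the
 * bit's value, so the instruction stream does not depend on the key. */
uint64_t modexp_ladder(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r0 = 1 % m, r1 = base % m;
    for (int i = 63; i >= 0; i--) {
        uint64_t bit = (exp >> i) & 1;
        cswap(&r0, &r1, bit);
        r1 = mulmod(r0, r1, m);
        r0 = mulmod(r0, r0, m);
        cswap(&r0, &r1, bit);
    }
    return r0;
}
```

Both functions return the same value; only their control flow differs, which is the property a mitigation for the attack discussed in the thread needs to establish.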