Related to possible side channel attacks.
Details
Details
Description
Jul 10 2019
Jul 10 2019
werner added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.
Check out the mailing list gcrypt-devel@
ware added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.
Folks, I was just wondering if I could get an update on where we are with this bug. It seems we aren't sure if it's a real issue or not. What's the latest thought?
Jun 23 2019
Jun 23 2019
slandden added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.
Werner, I interpreted jwilik's patch as admission of a problem from upstream, and reported it as such to CVE. I felt that since this does not effect the main platforms (ARM and x86_64) it would not be a big deal. If I interpreted wrong, I am sorry.
slandden added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.
I assigned the CVE, but yes it needs more facts.
werner added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.
Andreas, I wonder on which grounds you assigned a CVE for this claimed side-channel attack. The mentioned paper is about an old RSA side-channel and not on AES. I would like to see more facts than the reference to a guy who knows PPC pretty well.
Jun 22 2019
Jun 22 2019
ametzler1 added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.
This bug has been assigned CVE-2019-12904. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904
Jun 6 2019
Jun 6 2019
slandden updated the task description for T4541: C implementation of AES is vulnerable to side-channel attacks.
May 30 2019
May 30 2019
slandden updated the task description for T4541: C implementation of AES is vulnerable to side-channel attacks.
May 29 2019
May 29 2019
werner added a project to T4541: C implementation of AES is vulnerable to side-channel attacks: side-channel.