| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <511A1A3C.5010501@algroup.co.uk> Date: Tue, 12 Feb 2013 10:32:28 +0000 From: Adam Laurie <adam@...roup.co.uk> To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk CC: Adam Laurie <adam@...roup.co.uk> Subject: Re: Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack On 11/02/13 09:11, Adam Laurie wrote: > The Atmel AT91SAM7XC series of microprocessors contain a crypto > co-processor which is DES and AES capable. They include a write-only > memory for key storage and multiple physical security measures to > prevent decapping etc. > > However, due to poor memory management, in certain circumstances it is > possible to recover the crypto keys from a live system via the standard > JTAG programming interface. These circumstances are made more likely to > exist in the wild by the fact that the example software provided by > Atmel is itself vulnerable. It has been pointed out that in fact the example code is not vulnerable due to a subtlety in variable declaration. I have amended the post to take this into account, and apologise for the mis-information. However, the point about lack of clarity on this issue still stands, and, as we've seen, the potential for error still exists. > > Full story here: > > > http://oamajormal.blogspot.co.uk/2013/02/atmel-sam7xc-crypto-co-processor-key.html cheers, Adam -- Adam Laurie Tel: +44 (0) 20 7993 2690 Suite 117 Fax: +44 (0) 20 7691 7776 61 Victoria Road Surbiton Surrey mailto:adam@...roup.co.uk KT6 4JX http://rfidiot.org
Powered by blists - more mailing lists