| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1374820269.59268.YahooMailNeo@web171706.mail.ir2.yahoo.com> Date: Fri, 26 Jul 2013 07:31:09 +0100 (BST) From: Hurgel Bumpf <l0rd_lunatic@...oo.com> To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack Just found this online.. might be of interest Abstract: Flush+Reload is a cache side-channel attack that monitors access to data in shared pages. In this paper we demonstrate how to use the attack to extract private encryption keys from GnuPG. The high resolution and low noise of the Flush+Reload attack enables a spy program to recover over 98% of the bits of the private key in a single decryption or signing round. Unlike previous attacks, the attack targets the last level L3 cache. Consequently, the spy program and the victim do not need to share the execution core of the CPU. The attack is not limited to a traditional OS and can be used in a virtualised environment, where it can attack programs executing in a different VM. Category / Keywords: Side Channel Attack, Cache, RSA, Exponentiation Date: received 18 Jul 2013 By: Yuval Yarom and Katrina Falkner http://eprint.iacr.org/2013/448 Direct PDF: http://eprint.iacr.org/2013/448.pdf --- Have a nice Friday, Bonan the bavarian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists