might be of some interest, h/t to Jeff Walton:
---------- Forwarded message ----------
From: Hurgel Bumpf <l0rd_lunatic(_at_)yahoo(_dot_)com>
Date: Fri, Jul 26, 2013 at 2:31 AM
Subject: [Full-disclosure] Flush+Reload: a High Resolution, Low Noise,
L3 Cache Side-Channel Attack
To: "full-disclosure(_at_)lists(_dot_)grok(_dot_)org(_dot_)uk"
<full-disclosure(_at_)lists(_dot_)grok(_dot_)org(_dot_)uk>
Just found this online.. might be of interest
Abstract: Flush+Reload is a cache side-channel attack that
monitors access to data in shared pages. In this paper we demonstrate
how to use the attack to extract private encryption keys from GnuPG.
The high resolution and low noise of the Flush+Reload attack enables a
spy program to recover over 98% of the bits of the private key in a
single decryption or signing round. Unlike previous attacks, the attack
targets the last level L3 cache. Consequently, the spy program and the
victim do not need to share the execution core of the CPU. The attack
is not limited to a traditional OS and can be used in a virtualised
environment, where it can attack programs executing in a different VM.
Category / Keywords: Side Channel Attack, Cache, RSA, Exponentiation
Date: received 18 Jul 2013
By: Yuval Yarom and Katrina Falkner
http://eprint.iacr.org/2013/448
Direct PDF: http://eprint.iacr.org/2013/448.pdf
---
Have a nice Friday,
Bonan the bavarian
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp