Profile picture
Colm MacCárthaigh @colmmacc
, 10 tweets, 3 min read Read on Twitter
Mini-thread: Congratulations to @eyalr0, @yuvalyarom, and @cryptodavidw on finding more cache attacks against TLS implementations. It's at cat.eyalro.net ! This is incredible boundary-pushing work that really goes deep and clearly took a lot of effort!
For AWS customers: you don't need to do anything and AWS services have not been impacted by this issue. For cryptography people who are interested in the Amazon s2n related parts of this paper, follow on ...
So basically this issue is a variant of Bleichenbacher's attack on RSA because of how PKCS #1 v1.5 padding works. The original attack works remotely over the network, and eventually recovers a private key by manipulating public RSA input.
This new issue a variant that uses micro-architectural (CPU-level) issues, so the attacker needs to be on the same machine. The impacted code-bases have secret-dependent branches in their code, and if an attacker can access the came CPU cache, then they can follow the branches.
For connections that do not use forward secrecy or resumption (which for interest is about 0.08% of connections we see, though that doesn't matter) TLS session keys are established by clients sending a secret to the server encrypted under RSA. This is the vulnerable path.
Actually, the original Bleichenbacher attack recovers the plaintext, not the key, sorry! But there's also a related attack than can be used to forge signatures.
Anyway, back to details! So in s2n, we do the SSL/TLS parts, but not the underlying crypto. We support OpenSSL, BoringSSL, LibreSSL and Apple's low level crypto libraries for doing the operations. In this path, basically we call OpenSSL/BoringSSL/LibreSSL's rsa_decrypt()
That's where "most" of the problem is, because internally the rsa_decrypt() function has branches. We also have a branch outside of it to detect errors, we're not convinced that branch on its own would be sufficient, we lean towards "no".
Later today, we'll merge a patch that Bryan Donlan from our cryptography team wrote to use a more "raw" RSA mode and so do all of the padding ourselves in s2n. So it'll work around the underlying API. Also credit to @davidben__ , who suggested this before!
We also have a patch for OpenSSL that adds a new mode that's safe by default, but it's an API change. Anyway, that's it really :)
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Colm MacCárthaigh
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @colmmacc see all

Profile picture
Another year, another bit closer. I'll never stop being amazed at just how bad Google is at AI and what they'll throw out there!
These lyrics composer and category errors have persisting for 8 years now, that I've been tracking. I give feedback every time I see one.
Previously:

, ,
Read 3 tweets
Profile picture
Last tweet thread of the year is a meta-one! I'm going to round up the most popular tweet threads I've done. Coming in at number 1: the most popular, by far, was all about how to generate and use random numbers safely.
Number 2: all about the quirks and delight of the modern Irish presidency. Éire Abú!
Number 3: All about TLS1.3 and why it's better:
Read 12 tweets
Profile picture
Very serious question: Are there AWS services that you think are missing? What new infrastructure, security, or data service would you most like to see us build? Here's why I'm asking ...
Every 5 years or so I look around and try to pick an area to work on, and then commit and persist. 10 years ago it was to build our edge: CloudFront, Route 53, and anti-DDOS. 5 years ago I moved to ELB and ended up building VPC Networking, HyperPlane, TLS, Cryptograpy and more ..
Time for another look around! I have some ideas myself already, mostly crazy, I'm curious about thoughts and suggestions from folks here.
Read 3 tweets

Related threads

Profile picture
La climatologue (ex cheffe du département climat de Georgia Tech) @curryja publie une analyse détaillée des projections de hausse de niveau des mers #Mini #Thread

curryja.files.wordpress.com/2018/11/specia…
Ce rapport lui a été commandé par des clients directement concernés, dont des assureurs. C'est un boulot sérieux produit pour le compte de gens très sérieux.
Les conclusions:
- Toutes les conclusions sont à regarder avec circonspection car la qualité des données de niveau des mers est moyenne.
Read 7 tweets
Profile picture
Mini #Thread - Les gens qui saccagent des Porsche ou similaires oublient que:
Un objet de luxe est un moyen très pacifique de prendre l'argent des riches en jouant sur leur snobisme, et de le redistribuer:
- à des ouvriers
- à des vendeurs
- à des garagistes
- etc,
Bref, tous les salariés participant à la chaine de valeur du luxe, qui sont loin d'être eux mêmes millionnaires, en bénéficient. Le luxe est de ce point de vue un créneau comme un autre.
Qui plus est, l'objet de luxe automobile (mais pas que) permet d'expérimenter des technologies qui, plus tard, trouveront place dans la voiture de M. Tout le monde.
Read 5 tweets
Profile picture
Mini #Thread - Pouvoirs publics: "Mais que faites vous de notre pognon ?" - Exemple du désastre financier annoncé du métro Grand Paris

contrepoints.org/2018/12/02/331…

Par @MPNathalie
Les calculs de la cour des comptes donnent le vertige: La dette consentie pour le MGP ne pourra être amortie qu'en 2084, et les frais financiers cumulés atteindront... 134 milliards, pour un investissement initial estimé (pour l'instant) à 38 Mds...
C'est embêtant, parce que ce genre d'équipement doit être remis à niveau tous les 30 ans environ. Et prendre un crédit supérieur à la durée de vie d'un équipement, ce n'est pas top en terme de gestion.
Read 7 tweets
Profile picture
#Thread 👇
AS we are all focused and arguing over the choice between @atiku and @MBuhari and following needless cat and mouse game over budget for #NigeriaDecides2019 NASS finally had the brainwave to divert N242.24bn (via virement) from existing budgets to fund 2019 elections.
Guess what budgets our dear overpaid #NASS led by @bukolasaraki choose to cut? Agriculture N11bn. HEALTH N8.05bn. EDUCATION N10.2bn. Works (roads included), Power and Housing N25.5bn. Science & Tech - N7.46bn. Water Resources - N12.95bn and more. Budget trackers went DEAF n BLIND
.@bukolasaraki and his cabal in #NASS claims these cuts were agreed on with the Presidency. This is a clever by half claim for those who forget how the @inecnigeria budget became a convenient weapon and was endlessly delayed by NASS. Weponised delay. saharareporters.com/2018/08/18/n18…
Read 13 tweets
Profile picture
Part-Time Work Options for international students going to study in Germany.

Another #thread

Retweet someone from your list might just be applying to study in Germany without your knowledge.
Wondering about work options during your studies in Germany... here I will explore the many jobs you can take up. I understand there are many consideration that affect a students decision to choose a country... Jobs are very important for international students
Before we move forward, I must mention there are two aspects to part-time work. One being the eligibility and laws relevant to part time works options for international students

As an international students, you are allowed to take up part time employment along with ur studies
Read 18 tweets
Profile picture
Mini #Thread Règle numéro 1 du projet foireux:
- Si vous vous rendez compte qu'un projet est tellement foireux qu'il va vous coûter beaucoup d'argent, vous devez l'abandonner, MÊME SI VOUS PERDEZ CE QUE VOUS Y AVEZ DÉJA MIS.
Il vaut mieux abandonner un projet qui vous a coûté, disons, 500 millions, mais risque de vous faire perdre 200 millions par an quand vous y aurez mis 1 milliard, plutôt que de s'entêter.
Bref, quand on se rend compte qu'on s'est fourvoyé, il faut l'assumer.
Application pratique: si le gouvt a des éléments pour penser que le prélèvement à la source est pour lui un risque majeur, alors il DOIT l'abandonner, même si cela fera rire de lui. /fin
Read 3 tweets

Trending hashtags

#WeshallOvercome #FemaleGOPutriDepravity #MSDyn356 #TheResistance #FarmerMoni #STAR #GrabbingOfPower #Levothyrox #GOPoliticalOperatives #AmericasVeryBestPpl #ResistAndWin #WhiteSheetsAndHoods #Sepsis #mylifewithstan #SaturdaySchool #GOPhucquerz #SaveOurSociety #academia #InstitionalizedDecriminalization #HappyNewYear2019 #AspirationalDemocracy #TeamMueuller #CyberTerrorism #InvalidateElection2016 #GrievouslyOppressivePutridity

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!