[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fine grain Cross-VM Attacks on Xen and VMware (AES)

To: Cypherpunks <[email protected]>
Subject: Fine grain Cross-VM Attacks on Xen and VMware (AES)
From: [email protected] (Griffin Boyce)
Date: Tue, 22 Apr 2014 13:33:35 -0400

'AES in a number popular cryptographic libraries including OpenSSL, 
PolarSSL and Libgcrypt are vulnerable to Bernsteinâ??s correlation attack 
when run in Xen and VMware virtual machines, the most popular VMs used 
by cloud service providers.'

Abstract: http://eprint.iacr.org/2014/248
Paper: http://eprint.iacr.org/2014/248.pdf

So in a nutshell, if you want to steal a website's private keys, you can 
get an account on their hosting provider and at least have a shot at 
getting on the same physical server ;-)

~Griffin

Follow-Ups:
- Fine grain Cross-VM Attacks on Xen and VMware (AES)
  - From: [email protected] (Peter Gutmann)

Prev by Date: HW backdoors
Next by Date: [cryptography] The next gen P2P secure email solution
Previous by thread: HW backdoors
Next by thread: Fine grain Cross-VM Attacks on Xen and VMware (AES)
Index(es):
- Date
- Thread