Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

2018-07-30 Thread Michael R. Hines via openssl-users
By the way, these responses have been very thoughtful. I just wanted to say thanks! /* * Michael R. Hines * Staff Engineer, DigitalOcean. */ On 07/28/2018 08:44 AM, Michael Wojcik wrote: From: Michael R. Hines [mailto:mrhi...@digitalocean.com] Sent: Friday, July 27, 2018 19:06 Forgive the

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

2018-07-28 Thread Michael Wojcik
> From: Michael R. Hines [mailto:mrhi...@digitalocean.com] > Sent: Friday, July 27, 2018 19:06 > > Forgive the stupid question, but what's the takeaway for a cloud > provider? Well, in general, it's probably the commonplace that security is a process, not a product. There will always be new attac

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

2018-07-27 Thread Michael R. Hines via openssl-users
On 07/27/2018 01:44 PM, Michael Wojcik wrote: From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jakob Bohm Sent: Friday, July 27, 2018 11:52 And once you have done all that work to protect the cryptographic library, the CPU vulnerability still allows the attacker to o

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

2018-07-27 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Jakob Bohm > Sent: Friday, July 27, 2018 11:52 > > And once you have done all that work to protect the cryptographic > library, the CPU vulnerability still allows the attacker to observe > the non-cryptographic applica

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

2018-07-27 Thread Jakob Bohm
On 27/07/2018 16:20, Michael R. Hines via openssl-users wrote: On 07/27/2018 09:12 AM, Michael Wojcik wrote: We're trying to decide if we can avoid disabling hyperthreading, as our measurements show that the performance losses (even with integer workloads) are significant. Might anyone be ab

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

2018-07-27 Thread Michael R. Hines via openssl-users
On 07/27/2018 09:12 AM, Michael Wojcik wrote: We're trying to decide if we can avoid disabling hyperthreading, as our measurements show that the performance losses (even with integer workloads) are significant. Might anyone be able to comment on this particular type of attack in OpenSSL? Ce

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

2018-07-27 Thread Michael Wojcik
> From: Michael R. Hines [mailto:mrhi...@digitalocean.com] > Sent: Friday, July 27, 2018 07:48 > > > On 07/27/2018 08:35 AM, Michael Wojcik wrote: > > > > (I'm only commenting on TLBleed here because I'm not sure what you > > mean by "non-constant-time attack". TLBleed isn't a timing side channel,

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

2018-07-27 Thread Michael R. Hines via openssl-users
On 07/27/2018 08:35 AM, Michael Wojcik wrote: Our team is trying to get an accurate understanding of whether or not cryptographic libraries are vulnerable to the kind of non-constant-time attack used by exploits such as the one recently documented here: https://www.vusec.net/wp-content/uploads/

Re: [openssl-users] request for TLBleed information / non-constant-time vulnerabilities

2018-07-27 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Michael R. Hines via openssl-users > Sent: Thursday, July 26, 2018 14:49 > > Our team is trying to get an accurate understanding of whether or not > cryptographic libraries are vulnerable to the kind of non-constant-tim

[openssl-users] request for TLBleed information / non-constant-time vulnerabilities

2018-07-26 Thread Michael R. Hines via openssl-users
Good afternoon, Our team is trying to get an accurate understanding of whether or not cryptographic libraries are vulnerable to the kind of non-constant-time attack used by exploits such as the one recently documented here: https://www.vusec.net/wp-content/uploads/2018/07/tlbleed-author-prepri