Timing based ECDSA key recovery #677

Closed
tomato42 opened this issue Jun 24, 2020 · 1 comment
Labels: complex (Issues that require good knowledge of tlsfuzzer internals), enhancement (new feature to be implemented), help wanted, new test script (will require creation of a new connection script)

Comments

tomato42 (Member) commented Jun 24, 2020

The Minerva attack describes how to recover the ECDSA key from the server based on the time it takes to create ECDSA signatures.

https://minerva.crocs.fi.muni.cz/

By having access to the private key of the server, we should be able to extract the nonce used for the signature and thus calculate the classes for timing behaviour (i.e. mark with class 0 the signatures that use a nonce with bit length equal to the order, 1 for ones that use a nonce a bit smaller, etc.).
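The nonce extraction and classification described above, as an added example that is not tlsfuzzer's own code: with the server's private key d in hand, each signature (r, s) over hash h yields its nonce as k = (h + r*d) / s mod n, and the class is how many bits shorter k is than the group order. It assumes textbook ECDSA on NIST P-256; the key, hash and nonce in the demo are constructed.

```python
# Added example (not tlsfuzzer code): recover the ECDSA nonce k from a signature
# when the private key is known, then assign the timing class used by the
# Minerva test (0 = nonce as long as the order, 1 = one bit shorter, ...).
# Curve: NIST P-256. Key, hash and nonce in __main__ are constructed values.
import hashlib
import secrets

P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def _add(p1, p2):
    """Affine point addition/doubling on P-256 (None is the point at infinity)."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if p1 == p2: lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else: lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):
    """Plain double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1: acc = _add(acc, pt)
        pt = _add(pt, pt); k >>= 1
    return acc

def sign(d, h, k):
    """Textbook ECDSA with a caller-supplied nonce k; returns (r, s)."""
    r = _mul(k, G)[0] % N
    s = (h + r * d) * pow(k, -1, N) % N
    return r, s

def recover_nonce(d, h, r, s):
    """Private key d known: k = (h + r*d) * s^-1 mod n."""
    return (h + r * d) * pow(s, -1, N) % N

def timing_class(k):
    """0 for a nonce with the order's bit length, 1 for one bit shorter, etc."""
    return N.bit_length() - k.bit_length()

if __name__ == "__main__":
    d = secrets.randbelow(N - 1) + 1                      # constructed server key
    h = int.from_bytes(hashlib.sha256(b"constructed ServerKeyExchange").digest(), "big") % N
    k = secrets.randbelow(N - 1) + 1                      # nonce the server would pick
    r, s = sign(d, h, k)
    assert recover_nonce(d, h, r, s) == k
    print("timing class of this signature:", timing_class(k))
```

In a real test the signatures come from the server under test and the class of each is paired with its measured signing time; a statistically significant time difference between classes is the leak Minerva exploits.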

tomato42 added the enhancement, new test script and complex labels Jun 24, 2020
tomato42 added this to To do in Vulnerability testers via automation Jun 24, 2020
GeorgePantelakis self-assigned this May 10, 2024

GeorgePantelakis (Contributor) commented
Tlsfuzzer now includes Minerva attack gathering, extraction and analysis.

Vulnerability testers automation moved this from To do to Done May 28, 2024