Re: BoringSSL private key loading is not constant time

[Billy Brumley <bbb () iki fi>]

Hey Jeff,

Good to hear from you -- it's been a while :)

> What does the attacker learn besides the key length?  Isn't that
> mostly public information, like the TLS options used during cipher
> suite negotiation?

I reckon you're aware, but just to make it explicit for the list lurkers:

key length and effective key length are not the same thing.

If I asked you to post the top byte of your BitCoin private key to this 
list, would you? (Maybe you would, right? There's not much entropy in one 
byte to begin with. But OTOH private key bits are private ...)

(Re: Peter's post, indeed I don't see much actual value in the leak. But I 
do believe in transparency, hence the PoC and oss-security post.)

Best,

BBB

--
Dr. Billy B. Brumley, D.Sc. (Tech.)
Director of Research, ESL Global Cybersecurity Institute (GCI)
Kevin O'Sullivan Endowed Professor, Department of Cybersecurity (CSEC)
Director, Platform Security Laboratory (PLATSEC)
Rochester Institute of Technology
Cybersecurity Hall 70-1770
100 Lomb Memorial Drive
Rochester, NY, 14623-5608, USA
S/MIME public key: https://people.rit.edu/bbbics/bbbics () rit edu crt
S/MIME public key: https://people.rit.edu/bbbics/bbb () iki fi crt
https://www.rit.edu/directory/bbbics-billy-brumley
https://www.rit.edu/cybersecurity/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature