"brian m. carlson" writes:
> On 2020-04-08 at 12:15:22, Daiki Ueno wrote:
>> "brian m. carlson" writes:
>> > [2] is an example of a cross-VM cryptographic timing attack, which can
>> > also be applied across processes. Other timing attacks are known even
>> > across networks.
>>
>> I am not su
On 2020-04-08 at 12:15:22, Daiki Ueno wrote:
> "brian m. carlson" writes:
> > [2] is an example of a cross-VM cryptographic timing attack, which can
> > also be applied across processes. Other timing attacks are known even
> > across networks.
>
> I am not sure why you suddenly mention cross-VM
"brian m. carlson" writes:
> On 2020-04-07 at 13:45:20, Daiki Ueno wrote:
>> "brian m. carlson" writes:
>>
>> > First, the code to verify the integrity hash is done with memcmp. This
>> > is not safe against timing attacks, so an attacker can tamper with the
>> > data and determine how much of
On 2020-04-07 at 13:45:20, Daiki Ueno wrote:
> "brian m. carlson" writes:
>
> > First, the code to verify the integrity hash is done with memcmp. This
> > is not safe against timing attacks, so an attacker can tamper with the
> > data and determine how much of the hash matches based on the amoun
"brian m. carlson" writes:
> First, the code to verify the integrity hash is done with memcmp. This
> is not safe against timing attacks, so an attacker can tamper with the
> data and determine how much of the hash matches based on the amount of
> time it takes[0]. This comparison should be don
Package: gnome-keyring
Version: 3.36.0-1
Severity: important
Tags: security upstream
gnome-keyring has several vulnerabilities with regard to its handling of
its encrypted data files.
First, the code to verify the integrity hash is done with memcmp. This
is not safe against timing attacks, so an
6 matches
Mail list logo
