recentpopularlog in


« earlier   
'CVS: src' - MARC
Add protection for private keys at rest in RAM against speculation
and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and
Rambleed. This change encrypts private keys when they are not in use
with a symmetic key that is derived from a relatively large "prekey"
consisting of random data (currently 16KB).

Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.

Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.

Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.
Meltdown  spectre  rowhammer  rambleed  security  intel  cpu  memory  computer 
june 2019 by dentarg
rowhammer is back with a vengence...
DRAM  RAM  ECC  memory  attack  exploit  rowhammer  security  hacking  pentesting 
june 2019 by asteroza
ECCploit: ECC Memory Vulnerable to Rowhammer Attacks After All - VUSec
DD3, but they think the same timing sidechannel is present in DDR4...
rowhammer  attack  exploit  timing  side  channel  DDR3  ECC 
november 2018 by asteroza
RT : The opcode-flipping demo of our talk "Another Flip in the Row" @ is now online:…
rowhammer  BHUSA  from twitter
august 2018 by blackthorne
Academics Publish New Software-Level Protections Against Spectre and Rowhammer Attacks - Slashdot
Catalin Cimpanu, writing for BleepingComputer: Academics from multiple universities have announced fixes for two severe security flaws known as Spectre and Rowhammer. Both these fixes are at the software level, meaning they don't require CPU or RAM vendors to alter products, and could, in theory, be...
cis3360  cis4615  rowhammer  meltdown  spectre  cop4600 
august 2018 by mikeRuns

Copy this bookmark:

to read