Conversation

Notices

1. Embed this notice
   Soatok Dreamseeker (soatok@furry.engineer)'s status on Thursday, 15-Aug-2024 09:08:47 JST Soatok Dreamseeker

   "Project lead admits to knowingly shipping side-channel vulnerabilities in their crypto library" was not on my Matrix vuln disclosure reaction bingo card

   Not gonna lie this is a new one even for me

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 15-Aug-2024 21:19:43 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     • CyberFrog

     @froge @soatok OpenSSL is dragging their feet on killing weak RSA because people use it for testing. :-(

     I think we should just start giving keys like this when a 512 bit key is requested:

     -----BEGIN RSA PRIVATE KEY-----
     MIIBUgIBAAJBAKpg//++WEAK+512+BIT+KEY+FOR+TEST+ONLY++++DANGER++//
     0rO6rZovwzaBgP4SxtCsUiyDMyT/1wF9Ma0CAwEAAQJAC6topVLbdwlhBM+AMx48
     2s/AZNAJWib2oa5QaA83cniaXNXolcM9NZT/UDoqwx+BJFn6rojXcWG9ORpqUXe8
     iQI5AWX/GfqHy2Z0b5MpyMy9OP3iNt7AUMjS9ejCSx6z4khIWw58ZytSUnATnC2D
     hcE3NTnznGzLC7l5Agh51h2n14Lg1QI5ASoI1nfb1VnWVY0OnDzWyzuRuFx5fsex
     2UeNeTx2RUwn8KZ+quVGA5uKt9qsRA43B/jW9sMbxwcBAggBF1zeovyGHQI5ARLe
     j5Jc58CPnHyGrZUTNLUHgFMjpZH2BUqZFEvIUPm+LXcVWpPZWi2GzERa9cRaTcsb
     W6omvrw/
     -----END RSA PRIVATE KEY-----
     
   • Embed this notice
     CyberFrog (froge@social.glitched.systems)'s status on Thursday, 15-Aug-2024 21:19:45 JST CyberFrog

     in reply to

     @soatok@furry.engineer to be fair this happens more than it should, OpenSSL for example ships default fallback code which will do most of their crypto without any constant time instructions... this is a particularly big issue on RISC-V chips, see the below github issue.
     
     IMPORTANT DISCLAIMER: OpenSSL does this due to hardware limitations, not because they feel like doing it, unlike matrix devs ;)
     
     https://github.com/openssl/openssl/issues/20980