Cryptlib Information for VU#724968
RSA key reconstruction vulnerability
- Vendor Information Help Date Notified: 28 Jun 2007
- Statement Date:
- Date Updated: 02 Aug 2007
Unknown. If you are the vendor named above, please contact us to update your status.
This Vulnerability Note addresses a covert channel issue that represents one particular instance of a large class of side-channel attacks made possible by certain architectural features of modern CPUs. While it's possible to (probably) work around this one instance, the only fully effective solution that will work against current as well as future attacks of this kind is to not place sensitive data or data-dependent code flow in a position where side- channel attacks are possible. The cryptlib documentation contains guidance on doing this in the section "Safeguarding Cryptographic Operations".
The vendor has not provided us with any further information regarding this vulnerability.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.