Cryptlib Information for VU#724968

RSA key reconstruction vulnerability

Status

Unknown. If you are the vendor named above, please contact us to update your status.

Vendor Statement

This Vulnerability Note addresses a covert channel issue that represents one particular instance of a large class of side-channel attacks made possible by certain architectural features of modern CPUs. While it's possible to (probably) work around this one instance, the only fully effective solution that will work against current as well as future attacks of this kind is to not place sensitive data or data-dependent code flow in a position where side- channel attacks are possible. The cryptlib documentation contains guidance on doing this in the section "Safeguarding Cryptographic Operations".

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.