[Uta] New approach to timing attacks against RSA key exchange - the Marvin Attack

Hubert Kario <hkario@redhat.com> Tue, 26 September 2023 21:14 UTC

From: Hubert Kario <hkario@redhat.com>
To: uta@ietf.org, tls@ietf.org
Date: Tue, 26 Sep 2023 23:14:45 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/fWPHW9AjYFXlkQYkKhmyD0bOMI8>

Hello,

Today we made public the new approach for attacking RSA key exchange in TLS,
and RSA-based encryption in general (many of the bugs we discovered
were caused by side channels in the numerical library, which makes OAEP
implementations also vulnerable).

As usual, the recommendation is not to use PKCS#1 v1.5 padding.

All the details can be found on the vulnerability page:
https://people.redhat.com/~hkario/marvin/
-- 
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic