[Botan-announce] Botan ECDSA side channel

Jack Lloyd jack at randombit.net
Wed Jun 13 12:41:03 EDT 2018


Botan (along with OpenSSL, NSS, libgcrypt, etc.) is affected by an ECDSA side
channel found by Keegan Ryan of NCC Group, and described here:

https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/

The attack allows key recovery, but requires that the attacker both be running on
the same machine (able to conduct a cache-based side channel) and be able to
trigger ECDSA signature generation on demand. For instance, a TLS server using an
ECDSA certificate and running in a cloud environment might be vulnerable.

A patch will be included in the 2.7.0 release on July 2nd. If side channels are
a concern in your environment, you can apply the patch from
https://github.com/randombit/botan/pull/1604

Jack

