=== weechat1 is now known as Oblivion | ||
teward | TJ-: um, question: has that been escalated to OpenSSH yet? | 16:57 |
---|---|---|
teward | (the shielded pke problem) | 16:57 |
teward | (private key extraction*) | 16:58 |
TJ- | not by me | 17:17 |
TJ- | I assumed due to the blog post and talk on HN that it'd be all over the place | 17:18 |
=== riderjj is now known as juanjo | ||
teward | check | 17:57 |
teward | if a CVE was assigned for this it hasn't been reported on oss-security yet. Or it's been embargoed... | 17:57 |
mdeslaur | can you assign a CVE to security theatre? | 18:05 |
teward | good point. BUT i'm surprised this didn't hit oss-security heh | 18:05 |
mdeslaur | whatever the process does to encrypt the key in memory can be trivially reversed if you can dump the process memory space like the script does | 18:06 |
mdeslaur | you can make it harder, but that only makes the script slightly more complicated | 18:06 |
mdeslaur | the question is...if that was put in place to prevent sidechannel attacks, is it still good enough to prevent some sidechannel attacks? | 18:08 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!