Search results: 1-7 of 7 records found for "Knowledge base OpenSSL". Query time (0.082 seconds)
Degenerate Fault Attacks on Elliptic Curve Parameters in OpenSSL
OpenSSL Elliptic curve cryptography Invalid curve attack
2019/4/22
In this paper, we describe several practically exploitable fault attacks against OpenSSL's implementation of elliptic curve cryptography, related to the singular curve point decompression attacks of B...
In this work we demonstrate various weaknesses of the random
number generator (RNG) in the OpenSSL cryptographic library. We
show how OpenSSL’s RNG, knowingly in a low entropy state, potentially
le...
CacheBleed: A Timing Attack on OpenSSL Constant Time RSA
side-channel attacks cache attacks cryptographic implementations
2016/3/2
The scatter-gather technique is a commonly-implemented approach to
prevent cache-based timing attacks. In this paper we show that scatter-gather is
not constant-time. We implement a cache timing att...
Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack
Side Channel Attack Cache ECDSA
2016/1/25
We illustrate a vulnerability introduced to elliptic curve cryptographic protocols when implemented using a function of the OpenSSL cryptographic library. For the given implementation using an ellipti...
Timing and Lattice Attacks on a Remote ECDSA OpenSSL Server: How Practical Are They Really?
DSA ECDSA Timing Attacks
2015/12/23
In 2011, B.B.Brumley and N.Tuveri found a remote timing attack
on OpenSSL’s ECDSA implementation for binary curves. We will
study if the title of their paper was indeed relevant (Remote Timing
Atta...
Application of OpenSSL in a Secure E-Commerce System
OpenSSL SET CA
2012/11/7
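OpenSSL is a powerful open-source library for secure communication with excellent cross-platform performance. In secure electronic payment services for e-commerce, the SET protocol can reflect the relationships among the parties to a transaction in detail and accurately, and is used to ensure the security of bank card payment transactions over the Internet. Based on OpenSSL, a CA certification center, which a secure e-commerce system requires, was built in a Windows environment and applied to the SET protocol, implementing the functions of the CA certification center in the SET protocol.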
New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures
Side channel attacks branch prediction attacks cache eviction attacks Binary Extended Euclidean Algorithm
2008/9/17
Software based side-channel attacks allow an unprivileged spy process to extract secret information from a victim (cryptosystem) process by exploiting some indirect leakage of “side-channel” informati...