request for TLBleed information / non-constant-time vulnerabilities

Michael R. Hines mrhines at digitalocean.com
Tue Jul 31 02:03:29 CEST 2018


Greetings,

Our team is trying to get an accurate understanding of whether or not 
the most recent version of libgcrypt does or does not remain vulnerable
to the timing attack document here: 
https://www.vusec.net/wp-content/uploads/2018/07/tlbleed-author-preprint.pdf

In addition to that, more generally, as a cloud provider we are also 
looking for input and guidance on whether or not there are other 
locations that should be of concern within libgcrypt from the 
perspective of TLBleed.

Thank you!

-- 
/*
  * Michael R. Hines
  * Staff Engineer, DigitalOcean.
  */




More information about the Gcrypt-devel mailing list