Side-channel vulnerability in libgcrypt - the Marvin Attack
Stephan Verbücheln
verbuecheln at posteo.de
Fri Mar 15 13:37:16 CET 2024
Hello
Thank you for your work and sharing your results!
How about the use case of interactively authenticating to a server
which is not controlled by oneself and therefore not fully trusted?
Since the authentication is interactive, the timing could matter.
For example, I am using my PGP key for SSH public-key authentication to
github.com and alike.
Regards
Stephan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20240315/7d95cc4b/attachment.sig>
More information about the Gcrypt-devel
mailing list