[Announce] Libgcrypt 1.7.8 released to fix CVE-2017-7526
Peter Lebbing
peter at digitalbrains.com
Tue Jul 4 21:37:05 CEST 2017
On 04/07/17 21:03, Johan Wevers wrote:
> Is that going to be fixed, or is 1.4 now really considered EOL?
I think you need to see it in the context of this part of the announcement:
> Allowing execute access to a box with private keys should be considered
> as a game over condition, anyway. Thus in practice there are easier
> ways to access the private keys than to mount this side-channel attack.
If you're worried about cross-VM crypto attacks, perhaps host your essential
crypto on a box that doesn't host potentially hostile VM's. Security has its
cost, or: there's no such thing as a free lunch.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170704/5e02dec7/attachment.sig>
More information about the Gnupg-users
mailing list