by teraflop
1413 days ago
The research doesn't necessarily imply that any typical device has such a high failure probability. From the paper:

> The three private keys revealed by the 11 faulty [RSA] signatures in our [passively observed] data were associated with three certificates that were served from four different IP addresses associated with Baidu. [...]

> After we disclosed to Baidu, they informed us that the traffic we observed was between the clients and Baidu’s golang-based L7 load balancer BFE which offloads cryptographic operations like signature generation to a hardware accelerator. [...] Based on the temporal pattern of signature errors we observed, we hypothesize that the errors may have been due to a single failing hardware component which then passed vulnerable signatures through the unprotected software implementation.