by mathiasgredal 884 days ago
Could someone enlighten me on how one goes about testing whether a particular crypto implementation is vulnerable to side-channel attacks?

In high school I implemented a basic ECDH key exchange algorithm, which I compiled to WASM, and it can be tested at the bottom of my blog: https://gredal.dev/projects/elliptic-curves

Using only the WASM blob, without looking at the source code for exploits, how would Alice find Bob's private key?

2 comments

By changing one's system clock.

Your code shows that `random` is seeded with `time(nullptr)`, which has one-second precision, so you can guess the generated private key by knowing the exact second the wasm module was initialized and the number of `random` calls until the eventual key was derived. You can see this yourself by loading two identical windows at around the same time and generating keypairs from both, resulting in the same keypairs.

Even the most generous assumption gives only ~30 bits of information entropy, so it is extremely unsafe. Forget side-channel attacks---you are not even prepared against direct attacks.
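The reproducibility check described in the comment above, written out as an added example (this is not the blog project's code, and the key-derivation loop is a stand-in: it uses the standard `srand`/`rand` pair in place of the project's `random` and folds the outputs into a 256-bit scalar, since the real derivation is not shown here). The weak generator is seeded from a one-second timestamp the way the comment describes, so two initializations in the same second yield identical keys; the hardened variant draws the scalar from `std::random_device`, which on Linux reads OS entropy. `seed_space_bits` gives the log2 size of the timestamp seed space for a window of seconds, which is what bounds the entropy of the weak key. Names such as `Scalar`, `weak_private_key` and `strong_private_key` are hypothetical.

```cpp
#include <array>
#include <cmath>
#include <cstdint>
#include <cstdlib>
#include <ctime>
#include <random>

// Hypothetical 256-bit scalar: 8 x 32-bit words (assumed layout, not the project's).
using Scalar = std::array<std::uint32_t, 8>;

// Weak derivation: PRNG seeded from a whole-second timestamp, as the comment
// describes for the original project. Stand-in for `srandom(time(nullptr))`.
Scalar weak_private_key(std::time_t seed_second) {
    std::srand(static_cast<unsigned>(seed_second));
    Scalar k{};
    for (auto& word : k) {
        // rand() may yield as few as 15 bits, so combine two calls per word.
        word = (static_cast<std::uint32_t>(std::rand()) << 16)
             ^ static_cast<std::uint32_t>(std::rand());
    }
    return k;
}

// Hardened derivation: fill the scalar from the OS entropy source instead.
Scalar strong_private_key() {
    std::random_device rd;  // getrandom()/urandom on Linux libstdc++
    Scalar k{};
    for (auto& word : k) word = rd();
    return k;
}

// The "two windows opened in the same second" check from the comment:
// true means the keys are fully determined by the timestamp.
bool same_second_reproduces(std::time_t second) {
    return weak_private_key(second) == weak_private_key(second);
}

// Two independent OS-entropy draws should never coincide.
bool strong_keys_independent() {
    return strong_private_key() != strong_private_key();
}

// Entropy bound of a one-second seed over a window of `window_seconds`:
// a seed drawn from a one-year window gives under 25 bits.
double seed_space_bits(double window_seconds) {
    return std::log2(window_seconds);
}

int main() {
    const std::time_t now = std::time(nullptr);
    return same_second_reproduces(now) && strong_keys_independent() ? 0 : 1;
}
```

The first check is the one you can run against a deployed module without its source: initialize it twice within one second and compare the produced keys. A generator that passes it (keys differ) is not thereby proven strong, but one that fails it is already broken before any side-channel question arises.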

I would recommend using the crypto implementation to secure a large amount of money. If it is vulnerable, the money will disappear eventually.