Jolt: Recovering TLS Signing Keys via Rowhammer Faults

We demonstrate the viability of Jolt by running experiments targeting TLS handshakes in common cryptographic libraries such as WolfSSL, OpenSSL, Microsoft SymCrypt, LibreSSL, and Amazon s2n. On our target platform, the online phase takes less than 2 hours to recover 192 bits of a 256-bit ECDSA key, which is sufficient for full key recovery.

Well shit. The countermeasures here are all partial, too. ECC memory slows down the attack but doesn’t prevent it. Verify-after-signing works unless the attacker manages to inject a fault which skips the comparison opcode. Same goes for masking and multiple signing.

prf/1MiB                time:   [364.75 µs 365.01 µs 365.30 µs]                     
                        thrpt:  [2.6733 GiB/s 2.6755 GiB/s 2.6774 GiB/s]
                        time:   [-74.635% -74.254% -73.974%] (p = 0.00 < 0.05)
                        thrpt:  [+284.24% +288.41% +294.25%]
                        Performance has improved.

Hell yes

ngl, Extism has the best logo. I’m super curious to see where this “friendship with FFI is ended; WASM is my new best friend” thing goes. See also Lunatic, which is FastCGI-but-WASM.

Welcome to Effective Altruism, where the utility functions are made up and the interventions don’t matter

The implication was clear: if promoting the January 6, 2021, insurrection—which left at least seven people dead and more than a hundred police officers injured—doesn’t warrant suspension to Musk, then nothing else on the platform likely could.

It’s worse than that. What warrants suspension on Twitter now is hurting Melon’s feelings or having one of his rabid DM sliders tell him you’re a bad person. It’s become a personalist autocracy run by a man with the ego strength of a handful of cold dog shit.

Vin Diesel is short for Vinjamin Dieselraeli