Side-channel vulnerability in libgcrypt - the Marvin Attack

Stephan Verbücheln verbuecheln at posteo.de
Fri Mar 15 13:37:16 CET 2024


Hello

Thank you for your work and sharing your results!

How about the use case of interactively authenticating to a server
which is not controlled by oneself and therefore not fully trusted?
Since the authentication is interactive, the timing could matter.

For example, I am using my PGP key for SSH public-key authentication to
github.com and the like.

Regards
Stephan