Bugtraq mailing list archives
Re: [TZO-27-2009] Firefox Denial of Service (Keygen)
From: Tavis Ormandy <taviso () sdf lonestar org>
Date: Thu, 28 May 2009 13:01:07 +0200
Thierry Zoller <Thierry () Zoller lu> wrote:
> According to a Bugzilla entry memory is also leaked during the process. So let's recap, we have a function that generates key material and looping causes memory to leak. One might think this should be important enough to investigate, especially if you know that for DSA for instance, only a few bits of k can reveal an entire private key. [3]
>
> Note: I am not saying the memory leaks include key material, seeing the lack of interest this bugzilla ticket triggered, I have not considered investigating further. What I am saying is that if security is taken seriously memory leaks that directly or indirectly happen during key generation need to be investigated thoroughly.

I suspect there may be a language issue here, you seem to be confusing the terms "information leak" and "memory leak", they're entirely unrelated concepts despite the similar name.

Thanks, Tavis.

--
-------------------------------------
taviso () sdf lonestar org | finger me for my pgp key.
-------------------------------------------------------