3 matches found
CVE-2017-9526
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...
CVE-2017-9526
CVE-2017-9526 affects Libgcrypt prior to 1.7.7, where an attacker who observes the EdDSA session key during signing can recover the long-term secret key. Version 1.7.7 changes libgcrypt/ ecc-eddsa.c to store the session key in secure memory and ensures constant-time point operations in the MPI li...
CVE-2017-9526
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...