Showing posts from August, 2019

Side channel timing attacks against (EC)DSA in RSA BSAFE CVE-2019-3739/CVE-2019-3740 - Project Wycheproof is the AFL for Cryptography

About a year ago I wrote this tweet, and now I can finally justify it:

Project Wycheproof ( is the AFL ( of #crypto. Thanks a lot @XorNinja and team (notably including Bleichenbacher) for providing such a powerful tool — Antonio Sanso (@asanso) April 9, 2018

That is more or less when I found the vulnerabilities discussed in this short post.
Introduction

RSA BSAFE is a FIPS 140-2 validated cryptography library offered by RSA Security (now Dell). After almost a year they have just published an advisory containing fixes for two vulnerabilities I found in their Java ECDSA (CVE-2019-3739) and DSA (CVE-2019-3740) implementations. But here comes the sweet part: I shamelessly did not do too much in order to find them. The credit is indeed all due to Project Wycheproof: a project that tests crypto libraries against known attacks, developed and maintained by members of Google Security (notably Daniel Bleichenbacher and Thai Duong).

DSA Information Exposure Through Ti…