

Showing posts from August, 2019

Side channel timing attacks against (EC)DSA in RSA BSAFE CVE-2019-3739/CVE-2019-3740 - Project Wycheproof is the AFL for Cryptography

About a year ago I wrote this tweet, and now I can finally justify it:

"Project Wycheproof is the AFL of #crypto. Thanks a lot @XorNinja and team (notably including Bleichenbacher) for providing such a powerful tool" — Antonio Sanso (@asanso), April 9, 2018

That is more or less when I found the vulnerabilities discussed in this short post.

Introduction

RSA BSAFE is a FIPS 140-2 validated cryptography library offered by RSA Security (now Dell). After almost a year they have just published an advisory containing fixes for two vulnerabilities I found in their Java ECDSA (CVE-2019-3739) and DSA (CVE-2019-3740) implementations. But here comes the sweet part: I shamelessly did not do too much in order to find them. The credit is indeed all for Project Wycheproof, a project that tests crypto libraries against known attacks, developed and maintained by members of Google Security (notably Daniel Bleichenbacher and Thai Duong).

DSA Inf