1. 2
  2. 1

    One of the interesting implications of this attack is that if you are running GnuPG on a VPS to encrypt your mail, if I’m on a different VPS on the same host, I can recover your private key.

    1. 1

      I think it would take you some effort to time your attacks to the exact moment I’m encrypting my mail. I’d be more concerned about https and probably ssh. It’s weird they focused so completely on gnupg, then added a comment at the very end that the attack may extend to other operations or even non-cryptographic software, but somehow didn’t mention the attack could apply to other rsa implementations?

      Something I’ve wondered for a while is how practical it is to get a vps shared with a target. Do I call up linode and request, hey I’d really love to share a processor with Kyle? Do I rent 900 machines and hope I land on the same hardware? I’d love to see a report on that. “We picked a dozen random aws, linode, etc. IPs and tried to land a vm on the same physical hardware.”

      1. 1

        The practicality is another thing entirely, but it’s interesting to think about.

        I’d love to see a study on how hard it is to land an instance on the same host as another user. It’s something I’ve wondered about quite a bit.