1. 30

    1. 7

      > We noticed that the key from an old Zen 1 CPU was the example key of the NIST SP 800-38B publication (Appendix D.1 2b7e1516 28aed2a6 abf71588 09cf4f3c) and was reused until at least Zen 4 CPUs. Using this key we could break the two usages of AES-CMAC: the RSA public key and the microcode patch contents.

      “Oh, the password is actually ‘password’” levels of security. Amazing stuff.

      I guess they didn’t realise that compromising the key for the MAC would break the entire cryptosystem.

      1. 4

        This is actually kind of cool. It’s funny that the hash algorithm is the weakness in this entire thing.