Stay up to date on all things crypto and blockchain
Token Daily is a place to discover trending news and products in crypto and blockchain.
Samson Mow - @Excellion
7 months ago
RT @real_or_random: "We [...] show an extraction of SGX private attestation keys from within SGX’s quoting enclave, as compiled and signed by Intel. With these keys in hand, we are able to sign fake attestation quotes, just as if these have initiated from trusted and genuine SGX enclaves." Ouch. https://t.co/bmnmTR1lpc
23
48
Peter Todd - @peterktodd
7 months ago
RT @real_or_random: "We [...] show an extraction of SGX private attestation keys from within SGX’s quoting enclave, as compiled and signed by Intel. With these keys in hand, we are able to sign fake attestation quotes, just as if these have initiated from trusted and genuine SGX enclaves." Ouch. https://t.co/bmnmTR1lpc
18
42
Mason & Co. - @masonic_tweets
7 months ago
RT @P3b7_: There was one security feature not broken on SGX. It's not the case any more, SGX attestation keys are now extracted - https://t.co/lrOvVabgBt
29
62
Jeff Garzik - @jgarzik
7 months ago
RT @themadstephan: After 5 months of work, we can finally share the full version of the CacheOut attack paper (https://t.co/ruHkCYjPHq). As a bonus, here is also an attack that breaches SGX attestation, recovering private EPID keys (https://t.co/IKPSFqnRKC). Get your own attestation quote today!
256
505
Daniel Ƀ - @csuwildcat
7 months ago
RT @themadstephan: After 5 months of work, we can finally share the full version of the CacheOut attack paper (https://t.co/ruHkCYjPHq). As a bonus, here is also an attack that breaches SGX attestation, recovering private EPID keys (https://t.co/IKPSFqnRKC). Get your own attestation quote today!
192
361
Jonathan Hope - @jhope30203
7 months ago
RT @themadstephan: After 5 months of work, we can finally share the full version of the CacheOut attack paper (https://t.co/ruHkCYjPHq). As a bonus, here is also an attack that breaches SGX attestation, recovering private EPID keys (https://t.co/IKPSFqnRKC). Get your own attestation quote today!
171
322
Andrew Miller - @socrates1024
7 months ago
RT @SGAxe_AaaS: @mkskeller Your quote "Should've used proper MPC." has been signed. Your quote and instructions can be found at https://t.co/y6gGIAsNFm. Visit https://t.co/c9VO7x0aLA for more information. https://t.co/2c5Mmp7Req
3
7
Pieter Wuille - @pwuille
7 months ago
RT @matthew_d_green: Wow. SGX completely broken, again. https://t.co/YqNNJd3yL3
56
126
Andrew "Not cool enough for an ETH scam" Glidden - @asglidden
7 months ago
This seems bad. https://t.co/ApEC1sQWY5
1
0
cmnamost
7 months ago
Intel patched it but oof, Unfixed for five months. Are CPUs from other manufacturer's safe, or will we be seeing these types of attacks on AMD/ARM too?
6
convenience_store
7 months ago
I just spent the last half hour reading the comments to that Ars Technica article you linked. The sense I get is that analogous setup on an AMD processor is implemented differently (separate from the CPU) so isn't vulnerable to these particular attacks.
​
I also get the strong sense that Intel has gone [the way of Boeing](https://newrepublic.com/article/154944/boeing-737-max-investigation-indonesia-lion-air-ethiopian-airlines-managerial-revolution), a sentiment shared by a few of the commenters there.
​
Personally I'll probably be changing my Signal PIN to a longer alphanumeric one stored in a password manager unless and until we hear how it either didn't affect secure value recovery or that it's been addressed.
3
Forodhir
beta user :wrench: 7 months ago
I wonder what Signal will have to say about this. Will they defend the security of their system or move to a new one?
6
AutoModerator
7 months ago
Welcome to r/patient_hackernews! Remember that in this subreddit, commenting requires a special process:
-
Declare your intention of commenting by posting a pre-comment containing only the single letter
R. (This pre-comment will not be visible to others.) -
Wait 24 hours or more (you will receive a reminder).
-
You can then post a new comment with your actual reply in the same location.
Comments that don't abide by the 24h delay will be automatically removed.
NOTE: since step 3 is not mandatory, pre-comments can also be left as a way to set up a reminder to check up on the discussion in 24h.
More information on how this forum works.
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.
1
qznc_bot2
7 months ago
There is a discussion on Hacker News, but feel free to comment here as well.
1
makomk -
@makomk
7 months ago
This is one of two lovely side-channel vulnerabilities in Intel processors released today. Apparently they also leak RDRAND and RDSEED data across cores and took 18 months to fix it: https://www.vusec.net/projects/crosstalk/
pstrateman -
@pstrateman
7 months ago
So this breaks SGX completely.
Signals new PIN thing relies (almost) entirely on SGX being secure to make their encrypted profile and contact backups secure.
This attack reduces the security of the Signal encrypted backups to just the PIN.
Edit: Indeed the authors point this out explicitly in the SGAxe paper.
mmm_grayons -
@mmm_grayons
7 months ago
Boy, I'd love to see Moxie's comment on this after years of shilling SGX. I was always disappointed by that and never understood why someone as otherwise-bright as him went for it.
Trending this week..
Join Our Newsletter
Post a Job
Teams Hiring Now
-
TokenSoft is the volume leader in compliant token sales.
-
The open protocol for tokenized debt.
-
A secure online platform for buying, selling, and storing digital currencies.
-
A second layer, off-chain scaling proposal for bitcoin.
-
Ensuring the blockchain is inexpensive and accessible to everyone.
-
An open protocol for decentralized exchange on the ethereum blockchain.
- See all