22 Apr
2014
22 Apr
'14
5:33 p.m.
'AES in a number popular cryptographic libraries including OpenSSL, PolarSSL and Libgcrypt are vulnerable to Bernstein’s correlation attack when run in Xen and VMware virtual machines, the most popular VMs used by cloud service providers.' Abstract: http://eprint.iacr.org/2014/248 Paper: http://eprint.iacr.org/2014/248.pdf So in a nutshell, if you want to steal a website's private keys, you can get an account on their hosting provider and at least have a shot at getting on the same physical server ;-) ~Griffin