i've locally tested the BN_div function and the sdiv buffer is intact at the end... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

benmmurphy on April 11, 2014 | parent | context | favorite | on: The Heartbleed Challenge

i've locally tested the BN_div function and the sdiv buffer is intact at the end of the function with a p or q value. however, the BN values seem to be allocated in some kind of pool and they are reused so the private keys get clobbered by another BN function soon after. also, at the end of the RSA_eay_private_encrypt function the BN values are zeroed (or written over with crap data) so unless there is another implementation bug it should be impossible to leak the intermediate values in a single threaded implementation.

leaking the intermediate values in nginx to recover the private key looks like a dead end. however, i think this could be quite promising for apache mpm_worker. :)

makomk on April 11, 2014 [–]

So it looks like you might be right. Debian uses Apache mpm_worker by default, and after getting a test install running and using ab to provide load I managed to get the private key in under a minute on the first run: http://t.co/nYvIw7q4M8 (I was lucky the first time, usually it seems to take a little longer.)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact