3 comments

[ 116 ms ] story [ 483 ms ] thread
> AMD Zen CPUs use an almost standard RSASSA-PKCS1-v1_5 algorithm; however, instead of using one of the recommended hash functions, an alternative that is prone to collisions was selected.

[Etc.]

Sounds like Yet Another Fail for DIY Crypto.

> We noticed that the key from an old Zen 1 CPU was the example key of the NIST SP 800-38B publication (Appendix D.1 2b7e1516 28aed2a6 abf71588 09cf4f3c) and was reused until at least Zen 4 CPUs.

Oops!

This is really interesting just for the details on the microcode mechanisms inside the chip (and there's a link to similar research on Intel chips.)