{"id":38635,"date":"2019-10-31T22:24:58","date_gmt":"2019-10-31T19:24:58","guid":{"rendered":"https:\/\/prohoster.info\/blog\/novaya-tehnika-ataki-po-storonnim-kanalam-pozvolyayushhaya-vosstanovit-klyuchi-ecdsa\/"},"modified":"2019-10-31T22:24:58","modified_gmt":"2019-10-31T19:24:58","slug":"novaya-tehnika-ataki-po-storonnim-kanalam-pozvolyayushhaya-vosstanovit-klyuchi-ecdsa","status":"publish","type":"post","link":"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/novaya-tehnika-ataki-po-storonnim-kanalam-pozvolyayushhaya-vosstanovit-klyuchi-ecdsa","title":{"rendered":"Eine neue Angriffstechnik \u00fcber externe Kan\u00e4le, die es erm\u00f6glicht, ECDSA-Schl\u00fcssel wiederherzustellen.","gt_translate_keys":[{"key":"rendered","format":"text"}]},"content":{"rendered":"<p>Forscher der Masaryk-Universit\u00e4t <noindex><a rel=\"nofollow\" href=\"https:\/\/seclists.org\/oss-sec\/2019\/q4\/3\">entdeckten<\/a><\/noindex> Informationen zu <noindex><a rel=\"nofollow\" href=\"https:\/\/minerva.crocs.fi.muni.cz\/\">anf\u00e4lligkeiten<\/a><\/noindex> in unterschiedlichen Implementierungen des ECDSA\/EdDSA-Signaturalgorithmus, die es erm\u00f6glichen, den privaten Schl\u00fcssel durch die Analyse von Informationen, die bei der Anwendung von Kanalanalysen aus einzelnen Bits abgeleitet werden, wiederherzustellen. Die Schwachstellen wurden unter dem Codenamen Minerva zusammengefasst. <\/p>\n<p>Die bekanntesten Projekte, auf die die vorgeschlagene Angriffsmethode abzielt, sind OpenJDK\/OracleJDK (CVE-2019-2894) und die Bibliothek <noindex><a rel=\"nofollow\" href=\"https:\/\/git.gnupg.org\/cgi-bin\/gitweb.cgi?p=libgcrypt.git\">Libgcrypt<\/a><\/noindex> (CVE-2019-13627), die in GnuPG verwendet wird. Auch betroffen sind <noindex><a rel=\"nofollow\" href=\"https:\/\/github.com\/matrixssl\/matrixssl\/\">MatrixSSL<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/github.com\/weidai11\/cryptopp\/\">Crypto++<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/github.com\/wolfSSL\/wolfssl\/\">wolfCrypt<\/a><\/noindex>,   <noindex><a rel=\"nofollow\" href=\"https:\/\/github.com\/indutny\/elliptic\/\">elliptisch<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/github.com\/kjur\/jsrsasign\">jsrsasign<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/github.com\/warner\/python-ecdsa\">python-ecdsa<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/github.com\/DavidEGrayson\/ruby_ecdsa\">ruby_ecdsa<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/github.com\/AntonKueltz\/fastecdsa\">fastecdsa<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/github.com\/esxgx\/easy-ecc\/\">easy-ecc<\/a><\/noindex> und die Smartkarten Athena IDProtect. Als potenziell verwundbar gelten auch die Karten Valid S\/A IDflex V, SafeNet eToken 4300 und TecSec Armored Card, die den ECDSA-Modultyp verwenden. <\/p>\n<p>Das Problem wurde bereits in den Versionen libgcrypt 1.8.5 und wolfCrypt 4.1.0 behoben; die anderen Projekte haben bislang keine Updates ver\u00f6ffentlicht. Die Behebung der Schwachstelle im libgcrypt-Paket in den Distributionen kann auf den folgenden Seiten verfolgt werden: <noindex><a rel=\"nofollow\" href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2019-13627\">Debian<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2019\/CVE-2019-13627.html\">Ubuntu<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2019-13627\">RHEL<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/bodhi.fedoraproject.org\/updates\/?releases=F30&#038;type=security\">, aber bisher ist er noch nicht in<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/bugzilla.suse.com\/show_bug.cgi?id=CVE-2019-13627\">openSUSE\/SUSE<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"http:\/\/www.vuxml.org\/freebsd\/\">FreeBSD<\/a><\/noindex>, <noindex><a rel=\"nofollow\" href=\"https:\/\/security.archlinux.org\/CVE-2019-13627\">Arch<\/a><\/noindex>.<\/p>\n<p>Schwachstellen <noindex><a rel=\"nofollow\" href=\"https:\/\/github.com\/crocs-muni\/ECTester\/blob\/master\/docs\/LIBS.md\">sind nicht betroffen.<\/a><\/noindex> OpenSSL, Botan, mbedTLS und BoringSSL. Mozilla NSS, LibreSSL, Nettle, BearSSL, cryptlib, OpenSSL im FIPS-Modus, Microsoft .NET crypto,<br \/>\nlibkcapi aus dem Linux-Kernel, Sodium und GnuTLS sind noch nicht getestet worden.<\/p>\n<p>Das Problem resultiert aus der M\u00f6glichkeit, die Werte einzelner Bits w\u00e4hrend der Ausf\u00fchrung von Skalaren in elliptischen Kurvenoperationen zu bestimmen. Zur Gewinnung von Informationen \u00fcber die Bits werden indirekte Methoden verwendet, wie die Bewertung der Verz\u00f6gerung w\u00e4hrend der Berechnung. F\u00fcr den Angriff ist unprivilegierter Zugriff auf den Host erforderlich, auf dem die digitale Signatur generiert wird (nicht <noindex><a rel=\"nofollow\" href=\"https:\/\/minerva.crocs.fi.muni.cz\/#remote\">ausgeschlossen<\/a><\/noindex> und ein Remote-Angriff ist m\u00f6glich, jedoch stark erschwert und erfordert eine gro\u00dfe Datenmenge zur Analyse, weshalb er als unwahrscheinlich betrachtet werden kann). F\u00fcr das Laden <noindex><a rel=\"nofollow\" href=\"https:\/\/minerva.crocs.fi.muni.cz\/#poc\">ist verf\u00fcgbar<\/a><\/noindex> wird das f\u00fcr den Angriff verwendete Werkzeugset ben\u00f6tigt.<\/p>\n<p>Trotz der geringen Gr\u00f6\u00dfe des Lecks reicht es aus, f\u00fcr die ECDSA-Definition sogar nur einige Bits an Informationen \u00fcber den Initialisierungsvektor (Nonce) zu haben, um einen Angriff zur sequenziellen Wiederherstellung des gesamten privaten Schl\u00fcssels durchzuf\u00fchren. Laut den Autoren der Methode reicht es aus, mehrere Hundert bis einige Tausend digitale Signaturen zu analysieren, die f\u00fcr dem Angreifer bekannte Nachrichten generiert wurden, um den Schl\u00fcssel erfolgreich wiederherzustellen. Zum Beispiel wurden f\u00fcr die Bestimmung des privaten Schl\u00fcssels, der auf der Smartcard Athena IDProtect mit dem Chip Inside Secure AT90SC verwendet wird, bei Verwendung der elliptischen Kurve secp256r1 11.000 digitale Signaturen analysiert. Die gesamte Angriffszeit betrug 30 Minuten.<\/p>\n<p><noindex><a rel=\"nofollow\" name=\"link\"><\/a><\/noindex><\/p>\n<p>Quelle: <a \ncontent=\"nofollow\" rel=\"nofollow\" href=\"https:\/\/www.opennet.ru\/opennews\/art.shtml?num=51609\">opennet.ru<\/a><\/p>","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"excerpt":{"rendered":"<p>\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0430 \u0438\u043c. \u041c\u0430\u0441\u0430\u0440\u0438\u043a\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f\u0445 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0446\u0438\u0444\u0440\u043e\u0432\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 ECDSA\/EdDSA, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0445 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0443\u0442\u0435\u0447\u0435\u043a \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u0439 \u043e\u0431 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u0431\u0438\u0442\u0430\u0445, \u0432\u0441\u043f\u043b\u044b\u0432\u0430\u044e\u0449\u0438\u0445 \u043f\u0440\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0438 \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043f\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u043c \u043a\u0430\u043d\u0430\u043b\u0430\u043c. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043a\u043e\u0434\u043e\u0432\u043e\u0435 \u0438\u043c\u044f Minerva. \u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0439 \u043c\u0435\u0442\u043e\u0434 \u0430\u0442\u0430\u043a\u0438, \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f OpenJDK\/OracleJDK (CVE-2019-2894) \u0438 [&hellip;]<\/p>\n","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[702],"tags":[],"class_list":["post-38635","post","type-post","status-publish","format-standard","hentry","category-novosti-interneta"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.10 - aioseo.com -->\n\t<meta name=\"description\" content=\"\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0430 \u0438\u043c. \u041c\u0430\u0441\u0430\u0440\u0438\u043a\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f\u0445 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0446\u0438\u0444\u0440\u043e\u0432\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 ECDSA\/EdDSA, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0445 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0443\u0442\u0435\u0447\u0435\u043a \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u0439 \u043e\u0431 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u0431\u0438\u0442\u0430\u0445, \u0432\u0441\u043f\u043b\u044b\u0432\u0430\u044e\u0449\u0438\u0445 \u043f\u0440\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0438 \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043f\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u043c \u043a\u0430\u043d\u0430\u043b\u0430\u043c. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043a\u043e\u0434\u043e\u0432\u043e\u0435 \u0438\u043c\u044f Minerva. \u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0439 \u043c\u0435\u0442\u043e\u0434 \u0430\u0442\u0430\u043a\u0438, \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f OpenJDK\/OracleJDK (CVE-2019-2894) \u0438\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Yuri Gagarin\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/novaya-tehnika-ataki-po-storonnim-kanalam-pozvolyayushhaya-vosstanovit-klyuchi-ecdsa\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.10\" \/>\n\t\t<meta property=\"og:locale\" content=\"de_DE\" \/>\n\t\t<meta property=\"og:site_name\" content=\"ProHoster | \u041a\u0443\u043f\u0438\u0442\u044c \u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0439 \u0445\u043e\u0441\u0442\u0438\u043d\u0433 \u0434\u043b\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u0441 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u043e\u0442 DDoS, VPS VDS \u0441\u0435\u0440\u0432\u0435\u0440\u044b\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"\ud83e\udd47\u041d\u043e\u0432\u0430\u044f \u0442\u0435\u0445\u043d\u0438\u043a\u0430 \u0430\u0442\u0430\u043a\u0438 \u043f\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u043c \u043a\u0430\u043d\u0430\u043b\u0430\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043a\u043b\u044e\u0447\u0438 ECDSA | ProHoster\" \/>\n\t\t<meta property=\"og:description\" content=\"\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0430 \u0438\u043c. \u041c\u0430\u0441\u0430\u0440\u0438\u043a\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f\u0445 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0446\u0438\u0444\u0440\u043e\u0432\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 ECDSA\/EdDSA, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0445 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0443\u0442\u0435\u0447\u0435\u043a \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u0439 \u043e\u0431 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u0431\u0438\u0442\u0430\u0445, \u0432\u0441\u043f\u043b\u044b\u0432\u0430\u044e\u0449\u0438\u0445 \u043f\u0440\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0438 \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043f\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u043c \u043a\u0430\u043d\u0430\u043b\u0430\u043c. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043a\u043e\u0434\u043e\u0432\u043e\u0435 \u0438\u043c\u044f Minerva. \u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0439 \u043c\u0435\u0442\u043e\u0434 \u0430\u0442\u0430\u043a\u0438, \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f OpenJDK\/OracleJDK (CVE-2019-2894) \u0438\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/novaya-tehnika-ataki-po-storonnim-kanalam-pozvolyayushhaya-vosstanovit-klyuchi-ecdsa\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg\" \/>\n\t\t<meta property=\"og:image:width\" content=\"350\" \/>\n\t\t<meta property=\"og:image:height\" content=\"350\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2019-10-31T19:24:58+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2019-10-31T19:24:58+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/prohoster\" \/>\n\t\t<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/prohoster\" \/>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"\ud83e\udd47Neue Seitenkanalangriffstechnik zur Wiederherstellung von ECDSA-Schl\u00fcsseln | ProHoster","description":"Forscher der Masaryk-Universit\u00e4t haben Informationen \u00fcber Schwachstellen in verschiedenen Implementierungen des ECDSA\/EdDSA-Signaturalgorithms ver\u00f6ffentlicht, die es erm\u00f6glichen, den privaten Schl\u00fcssel durch die Analyse von Datenlecks einzelner Bits, die bei der Verwendung von Seitenkanalanalysemethoden auftreten, wiederherzustellen. Die Schwachstellen tragen den Codenamen Minerva. Zu den bekanntesten Projekten, die von der vorgeschlagenen Angriffsmethode betroffen sind, geh\u00f6ren OpenJDK\/OracleJDK (CVE-2019-2894) und","canonical_url":"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/novaya-tehnika-ataki-po-storonnim-kanalam-pozvolyayushhaya-vosstanovit-klyuchi-ecdsa","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":null,"og:locale":"de_DE","og:site_name":"ProHoster | \u041a\u0443\u043f\u0438\u0442\u044c \u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0439 \u0445\u043e\u0441\u0442\u0438\u043d\u0433 \u0434\u043b\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u0441 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u043e\u0442 DDoS, VPS VDS \u0441\u0435\u0440\u0432\u0435\u0440\u044b","og:type":"article","og:title":"\ud83e\udd47\u041d\u043e\u0432\u0430\u044f \u0442\u0435\u0445\u043d\u0438\u043a\u0430 \u0430\u0442\u0430\u043a\u0438 \u043f\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u043c \u043a\u0430\u043d\u0430\u043b\u0430\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043a\u043b\u044e\u0447\u0438 ECDSA | ProHoster","og:description":"\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442\u0430 \u0438\u043c. \u041c\u0430\u0441\u0430\u0440\u0438\u043a\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f\u0445 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0446\u0438\u0444\u0440\u043e\u0432\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 ECDSA\/EdDSA, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0445 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0443\u0442\u0435\u0447\u0435\u043a \u0441\u0432\u0435\u0434\u0435\u043d\u0438\u0439 \u043e\u0431 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u0431\u0438\u0442\u0430\u0445, \u0432\u0441\u043f\u043b\u044b\u0432\u0430\u044e\u0449\u0438\u0445 \u043f\u0440\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0438 \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u043f\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u043c \u043a\u0430\u043d\u0430\u043b\u0430\u043c. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u043a\u043e\u0434\u043e\u0432\u043e\u0435 \u0438\u043c\u044f Minerva. \u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u043c\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0439 \u043c\u0435\u0442\u043e\u0434 \u0430\u0442\u0430\u043a\u0438, \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f OpenJDK\/OracleJDK (CVE-2019-2894) \u0438","og:url":"https:\/\/prohoster.info\/de\/blog\/novosti-interneta\/novaya-tehnika-ataki-po-storonnim-kanalam-pozvolyayushhaya-vosstanovit-klyuchi-ecdsa","og:image":"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg","og:image:secure_url":"https:\/\/prohoster.info\/wp-content\/uploads\/2021\/11\/logo-350.jpg","og:image:width":350,"og:image:height":350,"article:published_time":"2019-10-31T19:24:58+00:00","article:modified_time":"2019-10-31T19:24:58+00:00","article:publisher":"https:\/\/www.facebook.com\/prohoster","article:author":"https:\/\/www.facebook.com\/prohoster"},"aioseo_meta_data":{"post_id":"38635","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":null,"schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"seo_analyzer_scan_date":"2026-01-23 22:51:19","breadcrumb_settings":null,"limit_modified_date":false,"reviewed_by":null,"ai":null,"created":"2021-03-01 01:06:23","updated":"2026-01-23 22:51:19"},"gt_translate_keys":[{"key":"link","format":"url"}],"_links":{"self":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/posts\/38635","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/comments?post=38635"}],"version-history":[{"count":0,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/posts\/38635\/revisions"}],"wp:attachment":[{"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/media?parent=38635"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/categories?post=38635"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prohoster.info\/de\/wp-json\/wp\/v2\/tags?post=38635"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}