Oddbean new post about | logout
Steve Bellovin | 1 years ago (raw) | root | parent | reply | flag 
 @663e5b60 @7faadb2b Or, if they knew about the race condition, they may have been able to manipulate the engineer's machine to make the favorable outcome more likely.
As for finding the key—if memory serves, some time ago (>25 years, I think), Shamir had a paper on rapidly searching for keying material.
Taggart :donor: | 1 years ago (raw) | root | parent | reply | flag 
 @8356c71c @7faadb2b As I read it, they didn't trigger the dump; they discovered it while on the machine with access to the debugging environment. This [compromised] account had access to the debugging environment containing the crash dump which incorrectly contained the key.
Steve Bellovin | 1 years ago (raw) | root | parent | reply | flag 
 @663e5b60 @7faadb2b I didn't say that they caused the dump. But that it contained keying material was, as I understand it, due to a race condition, and it's often possible to make one outcome more likely by, e.g., stressing certain other resources.
Taggart :donor: | 1 years ago (raw) | root | parent | reply | flag 
 @8356c71c @7faadb2b I'm saying they didn't cause the race condition at all. It reads to me like they simply read the dump from where customer dumps are kept.