cryptography side channel

The cryptography side channel tag covers discussions about vulnerabilities that leak secret information through observable execution differences in cryptographic implementations. A recent thread highlights CVE-2024-28834, a Minerva-style side channel in the GnuTLS library, which affects Azure Linux and potentially other Microsoft products. The tag focuses on how timing, power consumption, or other physical measurements can be exploited to extract cryptographic keys or other sensitive data. Topics include the interplay between cryptographic determinism and side-channel risks, as well as the implications for enterprise IT and security patching. Users share analysis, mitigation strategies, and updates on affected systems.