The end goal is to release a script that targets an IP, requests a batch of signatures and tries to mount the attack. If the server uses a vulnerable TLS implementation, the script outputs the private key.
What is left to do to get there?
+ combine attack.c and lattice.sage into one file
+ get better timing results
+ compute the hash and truncate it correctly, i.e. keep only the leftmost bits up to the bit length of the group order, as OpenSSL does (we can actually copy the OpenSSL code directly)
+ implement the random-subset algorithm to deal with false positives among the signatures selected by timing
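An added example, written for this README and not code from this repository, covering the two items above: the digest truncation rule OpenSSL's ECDSA signing code applies (only the leftmost BN_num_bits(order) bits of the digest are used, without reduction), the rewriting of a signature (r, s) on message integer m into the hidden-number-problem form k = u + t*d that a lattice attack consumes, and a random-subset retry loop together with the probability calculation that tells you how many subsets to expect to try before one contains no false positive. The lattice step itself is not implemented here: `try_lattice` is a pluggable callback, and `simulate_false_positive_recovery` uses a fake one that only succeeds when every signature in the subset is genuine. `P256_ORDER` is the real P-256 group order; the candidate list, the seed and the key value 0x5EC in the simulation are constructed.

```python
import hashlib
import math
import random

# Order of the P-256 group (FIPS 186-4), used as a realistic modulus below.
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def sha256(data: bytes) -> bytes:
    """Raw SHA-256 digest, the input to truncate_digest()."""
    return hashlib.sha256(data).digest()


def truncate_digest(digest: bytes, order: int) -> int:
    """Turn a message digest into the integer that is actually signed.

    Mirrors the logic in OpenSSL's ECDSA signing code: only the leftmost
    BN_num_bits(order) bits of the digest are used.  A digest shorter than
    the order is taken whole; the result is not reduced modulo the order here.
    """
    order_bits = order.bit_length()
    dgst_len = len(digest)
    if 8 * dgst_len > order_bits:
        # keep ceil(order_bits / 8) bytes ...
        dgst_len = (order_bits + 7) // 8
    m = int.from_bytes(digest[:dgst_len], "big")
    if 8 * dgst_len > order_bits:
        # ... and drop the low bits that overshoot the order's bit length
        m >>= 8 - (order_bits & 7)
    return m


def hnp_coefficients(r: int, s: int, m: int, order: int) -> tuple:
    """Rewrite an ECDSA signature (r, s) on message integer m as a
    hidden-number-problem sample.

    From s = k^-1 * (m + r*d) mod n we get k = u + t*d mod n with
    t = r/s and u = m/s.  If timing says k is short, (t, u) is one row of
    the lattice and the private key d is the hidden number.
    """
    s_inv = pow(s, -1, order)
    return (s_inv * r) % order, (s_inv * m) % order


def clean_subset_probability(n_candidates: int, n_false: int, subset_size: int) -> float:
    """Probability that a uniformly random subset of subset_size signatures,
    drawn from n_candidates of which n_false are false positives, contains no
    false positive.  Its reciprocal is the expected number of subsets to try."""
    return math.comb(n_candidates - n_false, subset_size) / math.comb(n_candidates, subset_size)


def random_subset_search(candidates, subset_size, try_lattice, rng, max_trials=1000):
    """Retry the lattice step on random subsets of the timing-selected
    signatures until it returns a key.

    try_lattice(subset) must return the recovered key or None (a single
    false positive in the subset normally makes the lattice step fail).
    Returns (key, trials_used); key is None if max_trials is exhausted.
    """
    for trial in range(1, max_trials + 1):
        subset = rng.sample(candidates, subset_size)
        key = try_lattice(subset)
        if key is not None:
            return key, trial
    return None, max_trials


def simulate_false_positive_recovery(n_candidates=20, n_false=4, subset_size=6, seed=1):
    """Constructed simulation (no real lattice): each candidate carries a flag
    saying whether its nonce really was short; the fake lattice step succeeds
    only when every signature in the subset is genuine."""
    rng = random.Random(seed)
    secret = 0x5EC  # hypothetical key the fake lattice step "recovers"
    candidates = [(i, i >= n_false) for i in range(n_candidates)]  # (id, genuine?)

    def fake_lattice(subset):
        return secret if all(genuine for _, genuine in subset) else None

    key, trials = random_subset_search(candidates, subset_size, fake_lattice, rng)
    return key, trials
```

For P-256 with SHA-256 the truncation is a no-op (256 bits on both sides), which is why it is easy to get wrong and only notice on a curve whose order is not a multiple of 8 bits long; with a 161-bit order and a 32-byte digest the rule keeps 21 bytes and then shifts out 7 bits. With 20 timing-selected signatures of which 4 are false positives and a lattice that needs 6 of them, `clean_subset_probability(20, 4, 6)` is about 0.21, so on the order of five lattice runs are expected before one subset is clean.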
– in setup/ you can find how to set up the server and the client to reproduce the attack (and how to modify the server's OpenSSL to remove the fix)
– in datasets/ you have data I got from my own experiments. You can play with that if you don't want to set up a client/server. Note that my measurements from the client suck
– in tools/ you have tools to play with the data in datasets/. Read the README there for more info.
– PoC/ is an old proof of concept; it can run and find a key. It's not very pretty though
update on August 18th 2015: disabled Nagle's algorithm, got better results; tried isolating the CPU, got even better results!