Slashdot Mirror


Remote RSA Timing Attacks Practical

David Brumley and Dan Boneh writes "Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from a OpenSSL-based server such as Apache with mod_SSL and stunnel running on a machine in the local network. Our results demonstrate that timing attacks against widely deployed network servers are practical. Subsequently, software should implement defenses against timing attacks. Our paper can be found at Stanford's Applied Crypto Group."

6 of 223 comments (clear)

  1. Oh Shiiiiiiit! by The+Mainframe · · Score: 4, Funny

    Great, and this after I've been bragging about my 'not-breakable for a billion years' 2048-bit key.
    $mouth . $foot

    --
    --Bennett Prescott
    Former Lord Of Packets
  2. How could OpenSSL be vulnerable to security attack by MisterFancypants · · Score: 4, Funny
    Microsoft didn't write OpenSSL..How could this be possible????

  3. Umm... by Anonymous Coward · · Score: 5, Funny

    That summary is so buzzword-rich I feel compelled to purchase a product, if one were offered.

  4. Re:Personal crypto? by Anonymous Coward · · Score: 4, Funny

    Only if you type really, really fast.

  5. Where's the DMCA lawsuit by Anonymous Coward · · Score: 5, Funny

    Why don't all the OpenSSL folks sue these guys under the DMCA? It's good enough for Adobe, it should be good enough for Open Source folks, right?

  6. Re:I'm sorry by Tailhook · · Score: 4, Funny

    A SQL varient of this is far more effective:

    insert into mouth values ('foot')

    --
    Maw! Fire up the karma burner!