Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote RSA Timing Attacks Practical

Posted by CowboyNeal on from the all-in-the-timing dept.

David Brumley and Dan Boneh writes "Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from a OpenSSL-based server such as Apache with mod_SSL and stunnel running on a machine in the local network. Our results demonstrate that timing attacks against widely deployed network servers are practical. Subsequently, software should implement defenses against timing attacks. Our paper can be found at Stanford's Applied Crypto Group."

5 of 223 comments (clear)

  1. What a shame. by AltGrendel · · Score: 1, Offtopic

    Pity this didn't appear BEFORE the Paul Kocher post.

    --
    The simple truth is that interstellar distances will not fit into the human imagination

    - Douglas Adams

  2. Re:In a nutshell... by Anonymous Coward · · Score: 0, Offtopic
    However, I would like to take some time to shed some light on the topic for those of you who do not have an Master's degree from Harvard as I do.

    And we all know that Harvard is one of the top schools in CS. Or at least that's what their recruiter tried to convince me of. It's sad, but every interaction I've had with a Harvard student or Harvard grad has made me feel like they're a pretentious asshole. You do your school a rather large injustice by using it's name like this.

  3. Re:Do you even read the article????? by circletimessquare · · Score: 0, Offtopic

    good lord, excuse me for asking some questions.

    "rtfm!" i know, i know, i've heard it a million times before...

    can i discuss it on the discussion board, please? do i have your permission? or do i have to have doctoral thesis level knowledge before my question can be considered credible?

    that's hardly in the spirit of open discussion, no?

    relax dude, it's just slashdot, don't take it so seriously ;-P

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  4. You assume the pretension is inadvertent. by j.e.hahn · · Score: 0, Offtopic

    You assume that:

    1) Harvard thinks it's a bad thing to have pretentious, exclusionary alums.
    2) That this attitude isn't inculcated in those who attend Harvard.

    I've attended an Ivy (Brown, not Harvard) and the reality is they get off on the "we're better than everyone else" bit. It's about money and power -- something abundant in much of the student and alumni populace at Ivies.

    This is not to say everyone at Harvard is like that (or any other top-notch school...) I've got friends from Harvard who aren't. But a lot of Harvard alums are. Same goes for any prestigious institution.

  5. Ooh Ooh Brown! I'm so smaaart! nt by Kahlua · · Score: 0, Offtopic

    nt