Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote RSA Timing Attacks Practical

Posted by CowboyNeal on from the all-in-the-timing dept.

David Brumley and Dan Boneh writes "Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from a OpenSSL-based server such as Apache with mod_SSL and stunnel running on a machine in the local network. Our results demonstrate that timing attacks against widely deployed network servers are practical. Subsequently, software should implement defenses against timing attacks. Our paper can be found at Stanford's Applied Crypto Group."

18 of 223 comments (clear)

  1. fr0st p1st by Anonymous Coward · · Score: -1, Offtopic

    fp r0xx0rs my b0xx0rs

  2. balloons smell like red! by Anonymous Coward · · Score: -1, Offtopic

    that tastes bad in my left mouth. my right mouth has eggnog in it.

  3. frist by Anonymous Coward · · Score: -1, Offtopic

    first

  4. 1st by Anonymous Coward · · Score: -1, Offtopic

    1st

  5. Chics Dig RSA Tokens by Anonymous Coward · · Score: -1, Offtopic

    1. Wear RSA token attached to gold chain around neck
    2. ??
    3. Get Laid

  6. What a shame. by AltGrendel · · Score: 1, Offtopic

    Pity this didn't appear BEFORE the Paul Kocher post.

    --
    The simple truth is that interstellar distances will not fit into the human imagination

    - Douglas Adams

  7. Uhhhh by Anonymous Coward · · Score: -1, Offtopic

    Looks like the anti-dupe preview thing ain't working yet ?

  8. SWEET MOThER OF JEEBUS!!! NO NOT RSA by Anonymous Coward · · Score: -1, Offtopic

    TIMING ATTaCKss!! HoW wiLL wE SuRVIVE!! FuCk me WiTH A CHainSaw CmdrDonkeyPunchTaco!! EOM

  9. Re:Personal crypto? by rmadmin · · Score: -1, Offtopic

    Your not paranoid enough. I always assume that the g-men are reading my e-mail. Plus they read minds ya know!

    --


    Can all fish swim?
  10. Re:sex by Anonymous Coward · · Score: -1, Offtopic

    sweet

  11. race conditions by Anonymous Coward · · Score: -1, Offtopic
    What happens to the testicles/scrotum after they are removed?

    • Many SM scenes include eating the testicles, raw, or more commonly, cooked -- they can be quite tasty lightly cooked in a mushroom sauce. Before eating, the outer tough covering must be removed before eating the inside, which tastes somewhat like roasted pork. Consistency will vary depending on how much ball-torture-related scar tissue was created in the years prior to castration. Some castrators (and eunuchs) are also "trophy hunters". Testicles will be "pickled" in formaldehyde, and scrotums may be tanned and kept as satchels. There are trophy hunters who have collections with literally hundreds of testicles. A small number of eunuchs have also auctioned off their body parts -- eBay no long allows this, but BME allows it in their classifieds section.
  12. Re:sex by Anonymous Coward · · Score: -1, Offtopic

    More accurate is she *said* she came four times. And from what I know of your member size as well as your ineptness, i think it's pretty obvious she faked them all.

  13. Re:sex by Anonymous Coward · · Score: -1, Offtopic

    sweet..

  14. Re:In a nutshell... by Anonymous Coward · · Score: 0, Offtopic
    However, I would like to take some time to shed some light on the topic for those of you who do not have an Master's degree from Harvard as I do.

    And we all know that Harvard is one of the top schools in CS. Or at least that's what their recruiter tried to convince me of. It's sad, but every interaction I've had with a Harvard student or Harvard grad has made me feel like they're a pretentious asshole. You do your school a rather large injustice by using it's name like this.

  15. Re:sex by Anonymous Coward · · Score: -1, Offtopic
    it doesn't change the fact that she was your mom and she left my trailer sore and sticky.

    yes i know i dangled the modifier but i felt it was apropos given the earlier teabagging.

  16. Re:Do you even read the article????? by circletimessquare · · Score: 0, Offtopic

    good lord, excuse me for asking some questions.

    "rtfm!" i know, i know, i've heard it a million times before...

    can i discuss it on the discussion board, please? do i have your permission? or do i have to have doctoral thesis level knowledge before my question can be considered credible?

    that's hardly in the spirit of open discussion, no?

    relax dude, it's just slashdot, don't take it so seriously ;-P

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  17. You assume the pretension is inadvertent. by j.e.hahn · · Score: 0, Offtopic

    You assume that:

    1) Harvard thinks it's a bad thing to have pretentious, exclusionary alums.
    2) That this attitude isn't inculcated in those who attend Harvard.

    I've attended an Ivy (Brown, not Harvard) and the reality is they get off on the "we're better than everyone else" bit. It's about money and power -- something abundant in much of the student and alumni populace at Ivies.

    This is not to say everyone at Harvard is like that (or any other top-notch school...) I've got friends from Harvard who aren't. But a lot of Harvard alums are. Same goes for any prestigious institution.

  18. Ooh Ooh Brown! I'm so smaaart! nt by Kahlua · · Score: 0, Offtopic

    nt