Slashdot Mirror

← Back to Stories (view on slashdot.org)

Remote RSA Timing Attacks Practical

Posted by CowboyNeal on from the all-in-the-timing dept.

David Brumley and Dan Boneh writes "Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from a OpenSSL-based server such as Apache with mod_SSL and stunnel running on a machine in the local network. Our results demonstrate that timing attacks against widely deployed network servers are practical. Subsequently, software should implement defenses against timing attacks. Our paper can be found at Stanford's Applied Crypto Group."

1 of 223 comments (clear)

  1. What a shame. by AltGrendel · · Score: 1, Offtopic

    Pity this didn't appear BEFORE the Paul Kocher post.

    --
    The simple truth is that interstellar distances will not fit into the human imagination

    - Douglas Adams