Slashdot Mirror


Remote RSA Timing Attacks Practical

David Brumley and Dan Boneh writes "Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from a OpenSSL-based server such as Apache with mod_SSL and stunnel running on a machine in the local network. Our results demonstrate that timing attacks against widely deployed network servers are practical. Subsequently, software should implement defenses against timing attacks. Our paper can be found at Stanford's Applied Crypto Group."

10 of 223 comments (clear)

  1. attacking iraq is not practical by Anonymous Coward · · Score: -1, Troll

    attacking iraq is not practical

  2. sex by Anonymous Coward · · Score: -1, Troll

    holy mother fucker. i just had sex. she came 4 times.

    1. Re:sex by Anonymous Coward · · Score: -1, Troll

      dude

    2. Re:sex by Anonymous Coward · · Score: -1, Troll

      What's mine say?

  3. BSD is so Dead.. by Anonymous Coward · · Score: -1, Troll

    Rest in peace.

  4. for all of you!! fellow ROT-13 readers! by Anonymous Coward · · Score: -1, Troll

    Qnivq Oehzyrl naq Qna Obaru jevgrf "Gvzvat nggnpxf ner hfhnyyl hfrq gb nggnpx pvivyvnaf ohvyqvatf fhpu nf JGP. Jr fubj gung gvzvat nggnpxf nccyl gb frireny gbjref. Fcrpvsvpnyyl, jr qrivfr n gvzvat nggnpx ntnvafg HFN. Bhe rkcrevzragf fubj gung jr pna pbyyncfr JGP sebz n cngurgvp jrncba fhpu nf gjb cynarf jvgu bayl 4 greebevfgf vafvqr. Bhe erfhygf qrzbafgengr gung gvzvat nggnpxf ntnvafg ovt gbjref ner cenpgvpny. Fhofrdhragyl, vasvqryf fubhyq vzcyrzrag qrsrafrf ntnvafg gvzvat nggnpxf. Bhe cncre pna or sbhaq ng Ny Dhnqn'f Nccyvrq Pelcgb Tebhc."

    the end of human-readers TYRANNY is ending on ./ !!

  5. Crypto for Idiots by photonrider · · Score: 1, Troll

    Is there an english translation of this anywhere? I read the paper and there's lots of impressive looking formula's and stuff in there but I don't see how figuring out how long it takes to decrypt/encrypt something can tell you what it is. Doesn't make sense to me.

  6. ya sure that's what your mom always says by Anonymous Coward · · Score: -1, Troll

    i loosened her anus for you. enjoy.

  7. Ideally... by Tuxinatorium · · Score: -1, Troll

    Software that is written halfway decently should be immune to timing attacks and their close cousin, the buffer overflow attacks.

  8. BSD?! by Anonymous Coward · · Score: -1, Troll

    Such a sad day... My third grade teacher Bernadette "Skeeter" Davis has died. ;{

    Ahhh, she taught us to glue macaroni like professionals and showed us the many subtle flavors of different types of paste. She was a true teacher of the arts and will surely be missed by many. We can all help her memory to live by using the skills she taught us to beautify out cubicals and hallways with modern macaroni fingerpainted masterpieces.

    When is the funeral?!?!?!