OpenSSL Timing Attack Can Intercept Private Keys
Trailrunner7 writes "Remote timing attacks have been a problem for cryptosystems for more than 20 years. A new paper shows that such attacks are still practical ... The researchers, Billy Bob Brumley and Nicola Tuveri of Aalto University School of Science, focused their efforts on OpenSSL's implementation of the elliptic curve digital signature algorithm, and they were able to develop an attack that allowed them to steal the private key of an OpenSSL server."
The EFF's SSL Observatory project found a handful of them on servers on the internet, but none of them actually rooted to a well-known CA.
OpenSSH isn't vulnerable to this attack: https://twitter.com/#!/damienmiller/status/72814031941017600
"Fixed delay" refers to a fixed, delay-padded time frame that the whole operation runs in, where the total time of the frame is equal to or longer than the worst case of any cryptosystem (or of either of them), but preferably longer, to account for a safety margin and because the delay makes brute force harder anyway.
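The padding idea described in the comment above, as an added illustration that is not part of the original thread and not OpenSSL code: a wrapper runs an operation, then sleeps for whatever remains of a fixed time budget so that a remote observer sees the same total duration regardless of the secret-dependent work inside. The `leaky_popcount` function is a constructed stand-in for a non-constant-time operation (its run time grows with the number of set bits in its input); the budget value is an arbitrary assumption. The wrapper also reports when the operation overran the budget, which is the failure mode the comment warns about: padding only hides timing if the frame is at least as long as the worst case.

```python
import time


def leaky_popcount(n: int) -> int:
    """Constructed stand-in for a secret-dependent, variable-time operation.

    It counts set bits and sleeps a little for each one, so its wall-clock
    time leaks the Hamming weight of `n` (the kind of leak timing attacks
    exploit). This is NOT how any real cryptographic code works; it only
    models "work that takes longer for some secrets than for others".
    """
    count = 0
    while n:
        if n & 1:
            count += 1
            time.sleep(0.0005)  # per-bit cost that depends on the secret
        n >>= 1
    return count


def pad_to_budget(fn, budget_s: float, *args):
    """Run fn(*args) inside a fixed time frame of at least `budget_s` seconds.

    Returns (result, total_seconds, overran). If the operation finished early,
    the remainder of the budget is spent sleeping so the observable duration
    is (approximately) constant. If it took longer than the budget, no padding
    can hide that, so `overran` is set to True: the budget must be raised to
    cover the worst case, as the comment above notes.
    """
    start = time.perf_counter()
    result = fn(*args)
    elapsed = time.perf_counter() - start
    overran = elapsed > budget_s
    if not overran:
        time.sleep(budget_s - elapsed)
    total = time.perf_counter() - start
    return result, total, overran


def demo():
    """Compare padded durations for a light and a heavy input (assumed budget: 50 ms)."""
    budget = 0.05
    light = pad_to_budget(leaky_popcount, budget, 0b1)          # one set bit
    heavy = pad_to_budget(leaky_popcount, budget, 0b1111_1111)  # eight set bits
    return light, heavy


if __name__ == "__main__":
    (r1, t1, o1), (r2, t2, o2) = demo()
    print(f"light input: result={r1} total={t1:.4f}s overran={o1}")
    print(f"heavy input: result={r2} total={t2:.4f}s overran={o2}")
```

Run stand-alone, both lines show a total close to the 50 ms budget even though the heavy input does eight times the secret-dependent work. Two caveats a practitioner would check: first, the padding is only as good as the worst-case estimate, so the `overran` flag should be logged and treated as a configuration error rather than silently ignored; second, padding the total duration hides the remote timing channel but does nothing about local side channels such as cache timing, which need constant-time code rather than a sleep.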
It's not FUD and it's not "the sky is falling" either.
This is cryptographers communicating with one another. Terms like "attack" are being used here in their academic meaning. It's an interesting result, exciting even, but shouldn't be emotionally charged.
If there are any real systems at risk, I don't know of them. But it's certainly possible that someone somewhere is really screwed by this attack, so it should be taken seriously. Anyone using ECDSA should probably apply the forthcoming patches as soon as is practical. This is good advice in any case.
This is just what you get when you have a Threatpost reporter interviewing a cryptographer. I think Brumley does a fine job answering the questions factually, without feeding the hype. There really is a timing attack to which most every implementation of OpenSSL is vulnerable.
The problem is that some people interpret that as some kind of Armageddon for internet security, whereas the great majority of secure systems probably aren't affected at all because they don't run the vulnerable code. But for those who are affected, the problem may be really, really serious. It is to these people that the researcher must communicate (via a journalist) without being able to select his audience in advance.