Brumley & Boneh timing attack on OpenSSL

Bill Stewart bill.stewart at pobox.com
Fri Mar 14 01:32:46 EST 2003


From Slashdot:
http://slashdot.org/article.pl?sid=03/03/14/0012214&mode=thread&tid=172
David Brumley and Dan Boneh write:
"Timing attacks are usually used to attack weak computing devices such as 
smartcards.
We show that timing attacks apply to general software systems.
Specifically, we devise a timing attack against OpenSSL.
Our experiments show that we can extract private keys from an
OpenSSL-based server such as Apache with mod_SSL and stunnel
running on a machine in the local network. Our results demonstrate that
timing attacks against widely deployed network servers are practical.
Subsequently, software should implement defenses against timing attacks.
Our paper can be found at Stanford's Applied Crypto Group.
http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html"

Shmoo Group response on cryptonomicon.net
http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=263&mode=&order=0&thold=0
Apparently OpenSSL has code to prevent the timing attack,
but it's often not compiled in (I'm not sure how much that's for
performance reasons as opposed to general ignorance?)

They also comment (as did somebody on Slashdot) that
"this is distinct from the timing attack described in the paper
by Canvel, Hiltgen, Vaudenay, and Vuagnoux last month."
That one's an implementation problem and hard to exploit.
http://lasecwww.epfl.ch/memo_ssl.shtml
http://slashdot.org/article.pl?sid=03/02/20/1956229


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
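The countermeasure the post refers to, RSA blinding (what OpenSSL's optional timing-attack protection does), shown as an added example; this is not code from the post, the paper, or OpenSSL. The key is a constructed toy RSA key with tiny primes, chosen only so the arithmetic is easy to follow. The idea is that the private exponentiation never operates directly on the attacker-supplied ciphertext: the server multiplies it by r^e for a fresh random r first, and divides r back out afterwards, so the input whose timing leaks is unrelated to the value the attacker chose.

```python
import secrets
from math import gcd

# Constructed toy RSA key (illustration only; real keys use ~1024-bit primes
# at the time of this post, larger today).
P, Q = 61, 53              # constructed toy primes
N = P * Q                  # modulus, 3233
E = 17                     # public exponent
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)        # private exponent, 2753


def rsa_public(m, e=E, n=N):
    """Textbook RSA encryption / signature verification: m^e mod n."""
    return pow(m, e, n)


def rsa_private_unblinded(c, d=D, n=N):
    """Direct c^d mod n. The modular exponentiation runs on the
    attacker-chosen value c, so its running time is a function of c;
    this is the dependence the Brumley-Boneh attack measures."""
    return pow(c, d, n)


def pick_blinding_factor(n):
    """Uniform random r in [2, n-1] with gcd(r, n) == 1, so r is invertible."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return r


def blind(c, r, e=E, n=N):
    """Multiply the ciphertext by r^e; the result is uniformly random and
    independent of c from the attacker's point of view."""
    return (c * pow(r, e, n)) % n


def unblind(m_blinded, r, n=N):
    """(c * r^e)^d == c^d * r (mod n); strip the factor r."""
    return (m_blinded * pow(r, -1, n)) % n


def rsa_private_blinded(c, d=D, e=E, n=N, r=None):
    """Blinded private operation. The exponentiation only ever sees
    blind(c, r), whose value changes on every call even for a repeated c.
    r is drawn fresh unless the caller passes one (useful for testing)."""
    if r is None:
        r = pick_blinding_factor(n)
    return unblind(pow(blind(c, r, e, n), d, n), r, n)


def blinded_inputs_differ(c, r1, r2, e=E, n=N):
    """True when two blinding factors send the same ciphertext to
    different exponentiation inputs (the property that breaks the attack)."""
    return blind(c, r1, e, n) != blind(c, r2, e, n)


if __name__ == "__main__":
    m = 65
    c = rsa_public(m)
    print("ciphertext:", c)                                   # 2790
    print("unblinded: ", rsa_private_unblinded(c))            # 65
    print("blinded:   ", rsa_private_blinded(c))              # 65
    r1, r2 = pick_blinding_factor(N), pick_blinding_factor(N)
    print("same c, different exponentiation inputs:",
          blind(c, r1), blind(c, r2))
```

Blinding costs one extra public-exponent multiplication and one modular inverse per private operation, which is the performance argument the post speculates about; the Brumley-Boneh paper reports the overhead as small relative to the private exponentiation itself.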