Re: OpenSSL

• From: Steven M. Bellovin
• Date: Mon Mar 17 12:58:19 2003

In message <[email protected]>, Scott Francis writes:
>

>
>Fun is about all it comes to. See what Schneier had to say in the most
>recent crypto-gram regarding this hole.
><http://www.counterpane.com/crypto-gram-0303.html>

This is a new attack, not the one Schneier was talking about.  It's 
very elegant work -- they actually implemented an attack that can 
recover the long-term private key.  The only caveat is that their 
attack currently works on LANs, not WANs, because they need more 
precise timing than is generally feasible over the Internet.


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)

• Follow-Ups:
  • Re: OpenSSL Scott Francis

• References:
  • Re: OpenSSL Scott Francis

• Prev by Date: Re: OpenSSL
• Next by Date: RE: APNIC returning 223/8 to IANA
• Date Index
• Thread Index
• Author Index
• Historical