Bugtraq mailing list archives
Re: Remote Timing Techniques over TCP/IP
From: Solar Designer <solar () openwall com>
Date: Fri, 19 Apr 2002 05:28:10 +0400
On Thu, Apr 18, 2002 at 09:45:53AM -0500, Mauro Lacy wrote:
REMOTE TIMING TECHNIQUES
It's good to see this kind of weaknesses to start being publicized. I know there's another similar paper to be published soon. We've been discussing the possibility to apply a variation of Kocher's attack against SSH clients w/ RSA/DSA authentication (where a malicious server would obtain the client's private key and be able to use that against another server) with Markus and Niels of OpenSSH just recently. I don't see how a client -> server attack against SSH would be possible (other than on usernames and such). The leak of usernames is of course the most obvious example, pretty much every service is affected. Of course we avoid leaks like that in our code (popa3d, pam_tcb on Owl), but we haven't fixed our system libraries (such as glibc's NSS modules) yet and those are used by all services. -- /sd
Current thread:
- Remote Timing Techniques over TCP/IP Mauro Lacy (Apr 18)
- Re: Remote Timing Techniques over TCP/IP Solar Designer (Apr 19)
- Re: Remote Timing Techniques over TCP/IP stealth (Apr 20)
- Re: Remote Timing Techniques over TCP/IP Syzop (Apr 19)
- Re: Remote Timing Techniques over TCP/IP Solar Designer (Apr 19)