nanog mailing list archives

Re: OpenSSL

From: "Steven M. Bellovin" <smb () research att com>
Date: Mon, 17 Mar 2003 12:55:24 -0500


In message <20030317173458.GC9680 () darkuncle net>, Scott Francis writes:


Fun is about all it comes to. See what Schneier had to say in the most
recent crypto-gram regarding this hole.
<http://www.counterpane.com/crypto-gram-0303.html>


This is a new attack, not the one Schneier was talking about.  It's 
very elegant work -- they actually implemented an attack that can 
recover the long-term private key.  The only caveat is that their 
attack currently works on LANs, not WANs, because they need more 
precise timing than is generally feasible over the Internet.


                --Steve Bellovin, http://www.research.att.com/~smb (me)
                http://www.wilyhacker.com (2nd edition of "Firewalls" book)

Current thread:

OpenSSL Len Rose (Mar 17)
- Re: OpenSSL Scott Francis (Mar 17)
  - Re: OpenSSL Steven M. Bellovin (Mar 17)
    - Re: OpenSSL Scott Francis (Mar 17)
- <Possible follow-ups>
- Re: OpenSSL Stewart, William C (Bill), SALES (Mar 17)
- Re: OpenSSL Michael . Dillon (Mar 18)
  - Re: OpenSSL Eric Rescorla (Mar 18)
    - Re: OpenSSL alex (Mar 18)
    - Re: OpenSSL Petri Helenius (Mar 18)
    - Re: OpenSSL alex (Mar 18)
    - Re: OpenSSL Eric Rescorla (Mar 18)
- RE: OpenSSL Matt Ryan (Mar 18)
  - RE: OpenSSL alex (Mar 18)

(Thread continues...)