Vulnwatch mailing list archives
OpenSSL Private Key Disclosure
From: Chris Wysopal <weld () vulnwatch org>
Date: Fri, 14 Mar 2003 05:05:37 +0000 (GMT)
Remote timing attacks are practical

Authors: D. Boneh and D. Brumley

Abstract: Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore all security systems should defend against them.

Reference: Submitted to Usenix Security.

Full paper: http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf