| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 13 Mar 2003 15:59:59 -0800 From: David Brumley <dbrumley@...nford.edu> To: bugtraq@...urityfocus.com Subject: Vulnerability in OpenSSL Dan Boneh and I have been researching timing attacks against software crypto libraries. Timing attacks are usually used to attack weak computing devices such as smartcards. We've successfully developed and mounted timing attacks against software crypto libraries running on general purpose PC's. We found that we can recover an RSA secret from OpenSSL using anywhere from only 300,000 to 1.4 million queries. We demonstrated our attack was pratical by successfully launching an attack against Apache + mod_SSL and stunnel on the local network. Our results show that timing attacks are practical against widely-deploy servers running on the network. To our knowledge, OpenSSL and derived crypto libraries are vulnerable. Mozilla's NSS is not vulnerable, as it implements RSA blinding. Crypto++ is not vulnerable in practice due to it's sliding windows implementation (least to most significant..most to least is vulnerable). The results indicate that all crypto implementations should defend against timing attacks. This paper was submitted to Usenix security 03. The link to the paper is here: http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html -David Brumley
Powered by blists - more mailing lists