Message-ID: <1047600001.5181.50.camel@djblaptop.stanford.edu>
Date: 13 Mar 2003 15:59:59 -0800
From: David Brumley <dbrumley@...nford.edu>
To: bugtraq@...urityfocus.com
Subject: Vulnerability in OpenSSL


Dan Boneh and I have been researching timing attacks against software
crypto libraries.  Timing attacks are usually used to attack weak
computing devices such as smartcards.  We've successfully developed and
mounted timing attacks against software crypto libraries running on
general purpose PCs.

We found that we can recover an RSA secret from OpenSSL using anywhere
from only 300,000 to 1.4 million queries.  We demonstrated our attack
was practical by successfully launching an attack against Apache +
mod_SSL and stunnel on the local network.  Our results show that timing
attacks are practical against widely-deployed servers running on the
network.

To our knowledge, OpenSSL and derived crypto libraries are vulnerable.
Mozilla's NSS is not vulnerable, as it implements RSA blinding.
Crypto++ is not vulnerable in practice due to its sliding windows
implementation (least to most significant..most to least is vulnerable).

The results indicate that all crypto implementations should defend
against timing attacks.

This paper was submitted to Usenix security 03.  The link to the paper
is here:
http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html

-David Brumley
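RSA blinding, the countermeasure the post credits NSS with, as an added example in Python (not code from the post, OpenSSL or NSS). The key is a constructed toy key built from two small Mersenne primes; the function names are assumptions.

```python
import secrets
from math import gcd

# Constructed toy key: two Mersenne primes (real keys use ~2048-bit moduli).
P = (1 << 31) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def rsa_decrypt_unblinded(c, d=D, n=N):
    """Direct c^d mod n: the running time depends on the ciphertext c,
    which is what a remote timing attack measures."""
    return pow(c, d, n)


def rsa_decrypt_blinded(c, d=D, n=N, e=E):
    """Same result as above, but the value actually exponentiated is
    randomized per call, so its timing no longer correlates with c."""
    # Fresh random blinding factor r, coprime with n.
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            break
    # Blind: c' = c * r^e mod n.  An attacker who chose c does not know c'.
    c_blind = (c * pow(r, e, n)) % n
    # Private-key operation on the blinded value.
    m_blind = pow(c_blind, d, n)
    # Unblind: m = m' * r^-1 mod n, since (c * r^e)^d = m * r.
    return (m_blind * pow(r, -1, n)) % n


def roundtrip(m):
    """Encrypt m with the toy public key and decrypt both ways."""
    c = pow(m, E, N)
    return rsa_decrypt_unblinded(c), rsa_decrypt_blinded(c)


if __name__ == "__main__":
    print(roundtrip(123456789))
```

Blinding does not make the exponentiation itself constant-time; it removes the attacker's control over the operand whose timing is being measured, which is what the attack described in the post relies on.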


