OpenSSL
Steven M. Bellovin
smb at research.att.com
Mon Mar 17 17:55:24 UTC 2003
In message <20030317173458.GC9680 at darkuncle.net>, Scott Francis writes:
>
>
>Fun is about all it comes to. See what Schneier had to say in the most
>recent crypto-gram regarding this hole.
><http://www.counterpane.com/crypto-gram-0303.html>
This is a new attack, not the one Schneier was talking about. It's
very elegant work -- they actually implemented an attack that can
recover the long-term private key. The only caveat is that their
attack currently works on LANs, not WANs, because they need more
precise timing than is generally feasible over the Internet.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
More information about the NANOG
mailing list