OpenSSL

• Previous message (by thread): OpenSSL
• Next message (by thread): OpenSSL
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> This is a new attack, not the one Schneier was talking about.  It's 
> very elegant work -- they actually implemented an attack that can 
> recover the long-term private key.  The only caveat is that their 
> attack currently works on LANs, not WANs, because they need more 
> precise timing than is generally feasible over the Internet.

Hmmm...
This means that it is safer for senior managers in a company to 
communicate using private ADSL Internet connections to their desktops 
rather than using a corporate LAN.

Very interesting. Could IP Centrex be the wave of the future? Will ISPs 
offer random jitter insertion guarantees on such a service to foil people 
using timing attacks?

--Michael Dillon

• Previous message (by thread): OpenSSL
• Next message (by thread): OpenSSL
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]