httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: RSA private key attack [CERT VU#997481] Apache
Date Fri, 14 Mar 2003 16:33:10 GMT
Moving this now-public discussion to httpd ... the paper is out;

http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html

and the OpenSSL team is already looking at it.

Consolation prize; you need to have a very fat low latency pipe
to the target before you have small enough resolution in timing
to actually derive any benefit from the methodology.

CERT will be looking for the resolution to add to their incident.

Bill


Mime
View raw message