Remote timing attacks are practical
Posted by deepquest on March 18, 2003 – 6:42 pm
Specifically, we devise a timing attack against OpenSSL. The experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network.
Results demonstrate that timing attacks against network servers are practical and therefore all security systems should defend against them.
Full paper [url=http://crypto.stanford.edu/~dabo/papers/ssl-timing.ps]PS[/url] or [url=http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf]PDF[/url]. Here’s a local copy in PDF format:[url=https://deepquest.code511.com/blog/images/uploads/txt/ssl-timing.pdf]ssl-timing.pdf[/url]
Post a reply
You must be logged in to post a comment.