Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - OpenSSL Timing Attack Steals Private Keys (

Trailrunner7 writes: Remote timing attacks have been a problem for cryptosystems for more than 20 years. A new paper shows that such attacks are still practical and can be used to steal the private key of a TLS server running OpenSSL. The researchers, Billy Bob Brumley and Nicola Tuveri of Aalto University School of Science, focused their efforts on OpenSSL's implementation of the elliptic curve digital signature algorithm (ECDSA), and they were able to develop an attack that allowed them to steal the private key of an OpenSSL server.
In an interview, Brumley says that the attack is just a symptom of other problems. "Perhaps the scariest part is that the piece of code introducing the vulnerability has been in the library since roughly 2005. This shows that identifying timing attack vulnerabilities is a daunting task. This isn't the first timing attack vulnerability discovered in OpenSSL, and I can guarantee it won't be the last."

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

OpenSSL Timing Attack Steals Private Keys

Comments Filter:

"Catch a wave and you're sitting on top of the world." - The Beach Boys