You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2003/03/14 17:33:10 UTC

Re: RSA private key attack [CERT VU#997481] Apache

Moving this now-public discussion to httpd ... the paper is out;

http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html

and the OpenSSL team is already looking at it.

Consolation prize; you need to have a very fat low latency pipe
to the target before you have small enough resolution in timing
to actually derive any benefit from the methodology.

CERT will be looking for the resolution to add to their incident.

Bill