Page last updated:
2003 Mar 14 13:26

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

[vox] [Fwd: Vulnerability in OpenSSL]

An item that may have implications for other packages that compile against
OpenSSL; these include mod_ssl, OpenSSH and, if you specified it in a BIND
install (or your package was so configured), BIND too.

The amount of work required for this attack is a bit much (at present), but
the risks upon successful attack are obvious. Now that light has been shed
upon this, other shortcuts may be investigated to make it take less work.

If this attack is addressed, then expect many new packages and package
upgrades for your boxes from your Linux vendor for several packages
related to encryption.

It will probably make it to Slashdot if it hasn't already.


-------- Original Message --------
Subject: Vulnerability in OpenSSL
From: David Brumley <dbrumley@stanford.edu>
Date: Thu, March 13, 2003 3:59 pm
To: bugtraq@securityfocus.com

Dan Boneh and I have been researching timing attacks against software
crypto libraries.  Timing attacks are usually used to attack weak
computing devices such as smartcards.  We've successfully developed and
mounted timing attacks against software crypto libraries running on
general purpose PC's.

We found that we can recover an RSA secret from OpenSSL using anywhere
from only 300,000 to 1.4 million queries.  We demonstrated our attack
was practical by successfully launching an attack against Apache +
mod_ssl and stunnel on the local network.  Our results show that timing
attacks are practical against widely-deployed servers running on the

To our knowledge, OpenSSL and derived crypto libraries are vulnerable.
Mozilla's NSS is not vulnerable, as it implements RSA blinding.
Crypto++ is not vulnerable in practice due to its sliding windows
implementation (least to most significant; most to least is vulnerable).

The results indicate that all crypto implementations should defend
against timing attacks.

This paper was submitted to USENIX Security '03.  The link to the paper
is here:

-David Brumley
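The countermeasure the post credits NSS with, RSA blinding, in worked form. This is an added example written for this page; it is not code from the post, from OpenSSL or from NSS. The key is a constructed toy key (the Mersenne primes 2^31-1 and 2^61-1, so it runs instantly and offers no security), and the plaintexts and the function names are assumptions of the example. The point it shows: the private-key exponentiation in the blinded version never operates on the value the attacker submitted, which is what defeats repeated chosen-ciphertext timing of the same input.

```python
"""RSA blinding against timing attacks on the private-key operation.

Added example; not code from the Bugtraq post, from OpenSSL or from NSS.
"""
import secrets
from math import gcd

# Constructed demo key.  P and Q are the Mersenne primes 2^31-1 and 2^61-1,
# chosen so the example runs instantly; they give no real security, and a
# real key uses a 2048-bit or larger N.  The algebra below is size-independent.
P = (1 << 31) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)  # private exponent; pow(x, -1, n) needs Python 3.8+


def encrypt(m: int) -> int:
    return pow(m, E, N)


def decrypt_unblinded(c: int) -> int:
    """The secret-exponent step runs directly on the (possibly attacker-chosen) c."""
    return pow(c, D, N)


def fresh_blinding_factor(n: int = N) -> int:
    """Random r in [2, n-1] coprime to n, regenerated for every operation."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return r


def decrypt_blinded(c: int) -> int:
    """Blind c before exponentiating, unblind the result afterwards.

    (c * r^e)^d = c^d * r^(e*d) = m * r (mod N), so multiplying the result
    by r^-1 recovers m.  The exponentiation now sees a value the attacker
    neither chose nor can predict, which is what breaks the chosen-ciphertext
    timing measurements the post describes.
    """
    r = fresh_blinding_factor()
    c_blind = (c * pow(r, E, N)) % N
    m_blind = pow(c_blind, D, N)
    return (m_blind * pow(r, -1, N)) % N


def exponentiation_inputs(c: int, trials: int, blinded: bool) -> set:
    """Collect the values the secret-exponent step actually operates on.

    Without blinding the same c goes in every time, so timing samples
    accumulate on one fixed, attacker-controlled input.  With blinding each
    call sees a different value, so repeated timings of the same c no longer
    correlate with the key.
    """
    seen = set()
    for _ in range(trials):
        if blinded:
            r = fresh_blinding_factor()
            seen.add((c * pow(r, E, N)) % N)
        else:
            seen.add(c)
    return seen


if __name__ == "__main__":
    # Constructed plaintexts, all smaller than N.
    for m in (42, 0xDEADBEEF, (1 << 64) + 12345):
        c = encrypt(m)
        assert decrypt_unblinded(c) == decrypt_blinded(c) == m
    c = encrypt(12345)
    print("distinct exponentiation inputs over 5 calls, unblinded:",
          len(exponentiation_inputs(c, 5, blinded=False)))
    print("distinct exponentiation inputs over 5 calls, blinded:  ",
          len(exponentiation_inputs(c, 5, blinded=True)))
```

Blinding does not make the exponentiation constant-time; it removes the attacker's control over what the exponentiation computes on, so the per-query timing differences the attack relies on no longer line up with the submitted ciphertexts. The random factor must be fresh for every operation, and r must be invertible mod N (hence the gcd check), or the unblinding step fails. OpenSSL exposes the same countermeasure through RSA_blinding_on().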
