[56810] in North American Network Operators' Group


Re: OpenSSL

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Mar 17 12:56:36 2003

From: "Steven M. Bellovin" <smb@research.att.com>
To: Scott Francis <darkuncle@darkuncle.net>
Cc: Len Rose <len@netsys.com>, nanog@merit.edu
In-Reply-To: Your message of "Mon, 17 Mar 2003 09:34:58 PST."
             <20030317173458.GC9680@darkuncle.net> 
Date: Mon, 17 Mar 2003 12:55:24 -0500
Errors-To: owner-nanog-outgoing@merit.edu


In message <20030317173458.GC9680@darkuncle.net>, Scott Francis writes:
>Fun is about all it comes to. See what Schneier had to say in the most
>recent crypto-gram regarding this hole.
><http://www.counterpane.com/crypto-gram-0303.html>

This is a new attack, not the one Schneier was talking about.  It's 
very elegant work -- they actually implemented an attack that can 
recover the long-term private key.  The only caveat is that their 
attack currently works on LANs, not WANs, because they need more 
precise timing than is generally feasible over the Internet.


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)


