[56817] in North American Network Operators' Group
Re: OpenSSL
daemon@ATHENA.MIT.EDU (Scott Francis)
Mon Mar 17 20:18:54 2003
Date: Mon, 17 Mar 2003 17:18:23 -0800
From: Scott Francis <darkuncle@darkuncle.net>
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: nanog@merit.edu
Mail-Followup-To: Scott Francis <darkuncle@darkuncle.net>,
"Steven M. Bellovin" <smb@research.att.com>, nanog@merit.edu
In-Reply-To: <20030317175524.D2E6C7B4D@berkshire.research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu
--sT9gWZPUZYhvPS56
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Mar 17, 2003 at 12:55:24PM -0500, smb@research.att.com said:
> In message <20030317173458.GC9680@darkuncle.net>, Scott Francis writes:
> >
>=20
> >
> >Fun is about all it comes to. See what Schneier had to say in the most
> >recent crypto-gram regarding this hole.
> ><http://www.counterpane.com/crypto-gram-0303.html>
>=20
> This is a new attack, not the one Schneier was talking about. It's=20
> very elegant work -- they actually implemented an attack that can=20
> recover the long-term private key. The only caveat is that their=20
> attack currently works on LANs, not WANs, because they need more=20
> precise timing than is generally feasible over the Internet.
Hm, mea culpa. I read the title without digging very far into the actual
announcements and thought it a rehash of the earlier holes. Thanks for
clearing it up for me.
--=20
Scott Francis || darkuncle (at) darkuncle (dot) net
illum oportet crescere me autem minui
--sT9gWZPUZYhvPS56
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
iD8DBQE+dnPfWaB7jFU39ScRAqAqAJ9c2WuYw/jPY63kxPNjSInSnvrm2gCeKvOy
eNOjNTIf277P6LPI0xzZ/g8=
=QGv1
-----END PGP SIGNATURE-----
--sT9gWZPUZYhvPS56--
