On Mon, Mar 17, 2003 at 04:39:31AM -0500, len@netsys.com said:
More OpenSSL (and SSH) fun.
http://lists.netsys.com/pipermail/full-disclosure/2003-March/004524.html AND http://lists.netsys.com/pipermail/full-disclosure/2003-March/004529.html
Fun is about all it comes to. See what Schneier had to say in the most recent crypto-gram regarding this hole. <http://www.counterpane.com/crypto-gram-0303.html> -- Scott Francis || darkuncle (at) darkuncle (dot) net illum oportet crescere me autem minui
In message <20030317173458.GC9680@darkuncle.net>, Scott Francis writes:
Fun is about all it comes to. See what Schneier had to say in the most recent crypto-gram regarding this hole. <http://www.counterpane.com/crypto-gram-0303.html>
This is a new attack, not the one Schneier was talking about. It's very elegant work -- they actually implemented an attack that can recover the long-term private key. The only caveat is that their attack currently works on LANs, not WANs, because they need more precise timing than is generally feasible over the Internet. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book)
On Mon, Mar 17, 2003 at 12:55:24PM -0500, smb@research.att.com said:
In message <20030317173458.GC9680@darkuncle.net>, Scott Francis writes:
Fun is about all it comes to. See what Schneier had to say in the most recent crypto-gram regarding this hole. <http://www.counterpane.com/crypto-gram-0303.html>
This is a new attack, not the one Schneier was talking about. It's very elegant work -- they actually implemented an attack that can recover the long-term private key. The only caveat is that their attack currently works on LANs, not WANs, because they need more precise timing than is generally feasible over the Internet.
Hm, mea culpa. I read the title without digging very far into the actual announcements and thought it a rehash of the earlier holes. Thanks for clearing it up for me. -- Scott Francis || darkuncle (at) darkuncle (dot) net illum oportet crescere me autem minui
participants (3)
-
Len Rose
-
Scott Francis
-
Steven M. Bellovin