global security disclosure

Register | Login

Home Files News About Contact Add New

Remote Timing Attacks Are Still Practical

Remote Timing Attacks Are Still Practical: Posted May 25, 2011; Authored by Nicola Tuveri, Billy Bob Brumley; This whitepaper describes a timing attack vulnerability in OpenSSL's ladder implementation for curves over binary fields. They use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, they mount a lattice attack that recovers the private key. Finally, they describe and implement an effective countermeasure.; tags | exploit, paper, crypto, vulnerability; MD5 | 4558b899d97a106def3ba064ab5eadfe; Download | Favorite | Comments (0)

Comments

Subscribe to this comment feed

No comments yet, be the first!

Top Authors In Last 30 Days

Heine Pedersen 29 files
Torben Jensen 29 files
Ubuntu 27 files
Farbod Mahini 26 files
Debian 26 files
Red Hat 25 files
HauntIT 22 files
Mandriva 17 files
sinn3r 11 files
the_cyber_nuxbie 10 files

File Tags

File Archives

Systems

AIX (352)
Apple (963)
BSD (302)
Cisco (1,247)
Debian (3,802)
Fedora (1,660)
FreeBSD (1,024)
Gentoo (2,468)
HPUX (685)
iPhone (95)
IRIX (217)
Juniper (60)
Linux (20,649)
Mac OS X (415)
Mandriva (2,205)
NetBSD (235)
OpenBSD (414)
RedHat (2,431)
Slackware (378)
Solaris (1,472)
SUSE (1,228)
Ubuntu (2,728)
UNIX (6,852)
UnixWare (148)
Windows (4,019)
Other

packet storm

© 2012 Packet Storm. All rights reserved.

Site Links: News by Month; News Tags; Files by Month; File Tags; File Directory

About Us: History & Purpose; Contact Information; Terms of Service; Privacy Statement; Copyright Information

Advertising: Become an Advertiser
Hosting By: Rokabear; Global Mirror List