|
|
|
|
|
|
by cvwright
3359 days ago
|
|
|
Funny you should mention this in a thread about Dan Boneh's crypto class. David Brumley and Dan Boneh, "Remote Timing Attacks Are Practical." In Proc. USENIX Security Symposium, 2003.
https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf Abstract Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore all security systems should defend against them. |
|
|