Timing attack against OpenSSL/mod_SSL

on 14.03.2003 01:08:32 by David Brumley

Dan Boneh and I have been researching timing attacks against software
crypto libraries. Timing attacks are usually used to attack weak
computing devices such as smartcards. We've successfully developed and
mounted timing attacks against software crypto libraries running on
general purpose PCs.

We found that we can recover an RSA secret from OpenSSL using anywhere
from only 300,000 to 1.4 million queries. We demonstrated our attack
was practical by successfully launching an attack against Apache +
mod_SSL and stunnel on the local network. Our results show that timing
attacks are practical against widely-deployed servers running on the
network.

While OpenSSL definitely does provide for blinding, mod_SSL doesn't
appear to use it. One reason is it appears difficult to enable blinding
from the SSL API.

This paper was submitted to Usenix security 03. The link to the paper
is here:
http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html

We notified CERT about a month ago re: this attack, so it's possible you
heard about this from them already.

flames > /dev/null. Feel free to write with any questions.

Cheers,
-David Brumley
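RSA blinding, the countermeasure the post says OpenSSL provides but mod_SSL did not enable, shown as an added Python example that is not part of the original post or of OpenSSL. The keypair is a constructed toy key (assumed only for running offline; real keys are far larger), and the blinding arithmetic is the same at any size.

```python
"""RSA blinding against timing attacks (constructed example)."""
import secrets
from math import gcd

# Toy RSA parameters (constructed; far too small for real use).
P, Q = 1000003, 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)


def rsa_private_raw(c: int, d: int = D, n: int = N) -> int:
    """Unblinded private operation: c^d mod n.

    The running time depends on the attacker-chosen input c, which is
    the signal a timing attack measures over many queries.
    """
    return pow(c, d, n)


def rsa_private_blinded(c: int, d: int = D, n: int = N, e: int = E) -> int:
    """Blinded private operation giving the same result as the raw one.

    A fresh random r is folded into the input as c * r^e, so the value
    actually raised to d is unrelated to c and the timing no longer
    correlates with the attacker's choice. The factor r is removed
    afterwards by multiplying with r^-1 mod n.
    """
    while True:
        r = secrets.randbelow(n)
        if r > 1 and gcd(r, n) == 1:
            break
    blinded = (c * pow(r, e, n)) % n
    m_blinded = pow(blinded, d, n)
    r_inv = pow(r, -1, n)
    return (m_blinded * r_inv) % n


def roundtrip(m: int) -> bool:
    """Encrypt m with the public key and check both decryptions agree."""
    c = pow(m, E, N)
    return rsa_private_raw(c) == m and rsa_private_blinded(c) == m
```

Blinding hides the input-dependent timing rather than making the exponentiation itself constant-time, which is why it can be applied without changing the underlying modular arithmetic.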

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org