Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: OpenSSL

  • From: alex
  • Date: Tue Mar 18 10:05:14 2003 
> > This means that it is safer for senior managers in a company to 
> > communicate using private ADSL Internet connections to their desktops 
> > rather than using a corporate LAN.
>
> Afraid not. The timing attack is an attack on the SSL server. 
> So as long as the SSL server is accessible at all, the attack
> can be mounted. And once the private key is recovered, then
> you no longer need LAN access.

While the timing attack is the attack against the SSL server, it is my
reading of the paper that the attacks' success largely depends on ability to
tightly control the time it takes to communicate with a service using SSL.
Currently, such control is rather difficult to achive on links other than
ethernet.

Alex


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.