[12573] in cryptography@c2.net mail archive
Re: [Bodo Moeller ] OpenSSL Security Advisory:
daemon@ATHENA.MIT.EDU (Donald Eastlake 3rd)
Mon Feb 24 12:23:16 2003
X-Original-To: cryptography@wasabisystems.com
Date: Sun, 23 Feb 2003 19:33:08 -0500 (EST)
From: Donald Eastlake 3rd <dee3@torque.pothole.com>
To: cryptography@wasabisystems.com
In-Reply-To: <kj1y21zghm.fsf@romeo.rtfm.com>
There was even an OS that, for a time until the patch got out, when you
handed it a pointer to a user name and a pointer to a password,
conveniently returned to you the password pointer updated to point at
the first bad character in the password for that account.
Thanks,
Donald
======================================================================
Donald E. Eastlake 3rd dee3@torque.pothole.com
155 Beaver Street +1-508-634-2066(h) +1-508-851-8280(w)
Milford, MA 01757 USA Donald.Eastlake@motorola.com
On 21 Feb 2003, Eric Rescorla wrote:
> Date: 21 Feb 2003 09:32:53 -0800
> From: Eric Rescorla <ekr@rtfm.com>
> To: Steven M. Bellovin <smb@research.att.com>
> Cc: cryptography@wasabisystems.com
> Subject: Re: [Bodo Moeller <bodo@openssl.org>] OpenSSL Security Advisory:
> Timing-based attacks on SSL/TLS with CBC encryption
>
> "Steven M. Bellovin" <smb@research.att.com> writes:
>
> > I'm struck by the similarity of this attack to Matt Blaze's master key
> > paper. In each case, you're guessing at one position at a time, and
> > using the response of the security system as an oracle. What's crucial
> > in both cases is the one-at-a-time aspect -- that's what makes the
> > attack linear instead of exponential.
> Indeed.
>
> And of course, both attacks resemble the old password guessing
> attack on character by character passwords where you time how
> long password verification takes. (The details are pretty
> hazy but ISTR that you arranged for the password to cross
> a page boundary to increase the time discrimination).
>
> -Ekr
>
>
>
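Added example, not part of the original thread: a minimal C sketch of the character-by-character comparison discussed above, next to a constant-time replacement. The secret, the fixed 8-byte field width and all function names are constructed for illustration, and the count of bytes examined stands in for elapsed time; it shows that the early-exit version reports the position of the first wrong character while the constant-time version reports nothing.

```c
#include <stddef.h>
#include <stdio.h>

#define FIELD_LEN 8
/* Constructed sample secret; fixed-width field (assumption for this example). */
static const unsigned char SECRET[FIELD_LEN + 1] = "hunter2!";

/* Early-exit comparison: work done depends on the first mismatch position. */
static int leaky_equal(const unsigned char *a, const unsigned char *b,
                       size_t n, size_t *examined)
{
    *examined = 0;
    for (size_t i = 0; i < n; i++) {
        *examined = i + 1;
        if (a[i] != b[i])
            return 0;            /* stops at the first bad character */
    }
    return 1;
}

/* Constant-time comparison: touches every byte, no data-dependent branch. */
static int ct_equal(const unsigned char *a, const unsigned char *b,
                    size_t n, size_t *examined)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    *examined = n;
    return diff == 0;
}

/* Helpers: bytes examined for an 8-byte guess against SECRET. */
static size_t leaky_work(const char *guess)
{
    size_t w;
    leaky_equal(SECRET, (const unsigned char *)guess, FIELD_LEN, &w);
    return w;
}

static size_t ct_work(const char *guess)
{
    size_t w;
    ct_equal(SECRET, (const unsigned char *)guess, FIELD_LEN, &w);
    return w;
}

int main(void)
{
    const char *guesses[] = { "xxxxxxxx", "huxxxxxx", "hunterxx", "hunter2!" };
    for (size_t i = 0; i < 4; i++)
        printf("%s leaky=%zu ct=%zu\n", guesses[i],
               leaky_work(guesses[i]), ct_work(guesses[i]));
    return 0;
}
```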