Re: Net security software exposed
From: Vlastimil Klima (vlastimil.klima@i.cz)
Date: 02/21/03
- Next message: Kevin Buhr: "Re: Proof that Quantum Mechanics is not random!"
- Previous message: Cristiano: "Re: diehard and ent results quesion"
- In reply to: rizwan: "Net security software exposed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Vlastimil Klima" <vlastimil.klima@i.cz> Date: Fri, 21 Feb 2003 10:41:38 +0100
> Story from BBC NEWS:
> http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/2785145.stm
> This looks to be a valid, real-world attack on SSL/TLS. More details at:
http://lasecwww.epfl.ch/memo_ssl.shtml
Very nice attack, congratulations to the researchers!
BTW: You may see our comment sent to 'IETF Transport Layer Security WG' on
Jun 20, 2002 :-)
".... For instance, there still exists a risk of timing side channel
(unveiling whether it was padding or MAC, what failed,
especially for longer records)..... Hope that programmers will be aware of
these pitfalls.
Vlastimil Klima and Tomas Rosa.",
see http://www.imc.org/ietf-tls/mail-archive/msg03536.html
Vlastimil and Tom
- Next message: Kevin Buhr: "Re: Proof that Quantum Mechanics is not random!"
- Previous message: Cristiano: "Re: diehard and ent results quesion"
- In reply to: rizwan: "Net security software exposed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
