OpenSSL

Steve_Bellovin · March 17, 2003, 5:55pm

This is a new attack, not the one Schneier was talking about. It's
very elegant work -- they actually implemented an attack that can
recover the long-term private key. The only caveat is that their
attack currently works on LANs, not WANs, because they need more
precise timing than is generally feasible over the Internet.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)

Scott_Francis · March 18, 2003, 1:18am

Hm, mea culpa. I read the title without digging very far into the actual
announcements and thought it a rehash of the earlier holes. Thanks for
clearing it up for me.