There was even an OS that, for a time until the patch got out, when you handed it a pointer to a user name and a pointer to a password, conveniently returned to you the password pointer updated to point at the first bad character in the password for that account.

Thanks,
Donald
======================================================================
 Donald E. Eastlake 3rd                       [EMAIL PROTECTED]
 155 Beaver Street              +1-508-634-2066(h) +1-508-851-8280(w)
 Milford, MA 01757 USA                   [EMAIL PROTECTED]

On 21 Feb 2003, Eric Rescorla wrote:

> Date: 21 Feb 2003 09:32:53 -0800
> From: Eric Rescorla <[EMAIL PROTECTED]>
> To: Steven M. Bellovin <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Bodo Moeller <[EMAIL PROTECTED]>] OpenSSL Security Advisory:
>     Timing-based attacks on SSL/TLS with CBC encryption
>
> "Steven M. Bellovin" <[EMAIL PROTECTED]> writes:
>
> > I'm struck by the similarity of this attack to Matt Blaze's master key
> > paper.  In each case, you're guessing at one position at a time, and
> > using the response of the security system as an oracle.  What's crucial
> > in both cases is the one-at-a-time aspect -- that's what makes the
> > attack linear instead of exponential.
> Indeed.
>
> And of course, both attacks resemble the old password guessing
> attack on character by character passwords where you time how
> long password verification takes. (The details are pretty
> hazy but ISTR that you arranged for the password to cross
> a page boundary to increase the time discrimination).
>
> -Ekr
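
The one-position-at-a-time oracle discussed in this thread, as an added example that is not part of the original messages: an early-exit comparison next to a hardened one, with a step counter standing in for the time an observer would measure, and the linear versus exponential guess counts. All function names, the sample secret and the 26-symbol alphabet are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Early-exit comparison: returns at the first mismatch. *steps counts the
   bytes examined, standing in for the time an outside observer measures. */
int leaky_equal(const char *stored, const char *guess, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        ++*steps;
        if (stored[i] != guess[i])
            return 0;
    }
    return 1;
}

/* Hardened comparison: always reads all n bytes and folds the differences
   into one accumulator, so the work done does not depend on the match length. */
int ct_equal(const char *stored, const char *guess, size_t n, size_t *steps)
{
    unsigned char diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        ++*steps;
        diff |= (unsigned char)(stored[i] ^ guess[i]);
    }
    return diff == 0;
}

/* Work observed for an equal-length guess (wrappers for printing and testing). */
size_t leaky_steps(const char *s, const char *g) { size_t k; leaky_equal(s, g, strlen(s), &k); return k; }
size_t ct_steps(const char *s, const char *g)    { size_t k; ct_equal(s, g, strlen(s), &k); return k; }

/* Worst-case guesses for a secret of `len` symbols over `alphabet` symbols:
   alphabet*len with a per-position oracle, alphabet^len without one. */
unsigned long long worst_case(unsigned alphabet, unsigned len, int per_position_oracle)
{
    unsigned long long total = per_position_oracle ? 0 : 1;
    for (unsigned i = 0; i < len; i++)
        total = per_position_oracle ? total + alphabet : total * alphabet;
    return total;
}

int main(void)
{
    const char *stored = "hunter2!";   /* constructed sample secret */
    printf("leaky: %zu %zu  constant: %zu %zu\n",
           leaky_steps(stored, "XXXXXXXX"), leaky_steps(stored, "huXXXXXX"),
           ct_steps(stored, "XXXXXXXX"), ct_steps(stored, "huXXXXXX"));
    printf("guesses: %llu vs %llu\n", worst_case(26, 8, 1), worst_case(26, 8, 0));
    return 0;
}
```

In production code the hardened form should come from a vetted primitive, since an optimizing compiler is free to reintroduce data-dependent branches into a hand-written loop.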