Berkeley CSUA MOTD:Entry 27763
2003/3/20 [Computer/Theory] UID:27763 Activity:moderate
3/19    Just in case some of you haven't seen this yet, there are two
        new attacks on RSA in OpenSSL
        1. Timing attack on RSA keys:
           http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
           OpenSSL advisory is here:
           http://www.openssl.org/news/secadv_20030317.txt
        2. Extended Bleichenbacher attack on RSA with PKCS #1 v1.5
           padding:
           http://eprint.iacr.org/2003/052
           The OpenSSL advisory will be here:
           http://www.openssl.org/news/secadv_20030319.txt
        \_ In English, if I'm a low value target do I have to worry about
           anything?  Is this stuff theoretical or script kiddy quality?
           \_ the dropouts speak!
           \_ Read the Stanford paper.  They have an exploit.  They also say
              which configurations are vulnerable.  Now set up a traffic
              monitor/packet sniffer on your "low value target" home DSL or
              cable box and fire up IRC or something.  Enjoy.  -John
           \_ If you are running HTTPS on your "low value target" I would
              recommend applying the OpenSSL patch that fixes the first
              attack. I wouldn't be as concerned about the second one.
              In any case, if you are running OpenBSD 3.1 or 3.2 there
              are patches available from the usual place.
Cache (646 bytes)
www.openssl.org/news/secadv_20030317.txt
Typically, it will not have been, because it is not easily possible to do so when using OpenSSL to provide SSL or TLS. Applications that wish to can remove the blinding with RSA_blinding_off(), but this is not generally advised. It is also possible to disable it completely by defining OPENSSL_NO_FORCE_RSA_BLINDING at compile-time. The performance impact of blinding appears to be small (a few percent). This problem affects many applications using OpenSSL, in particular, almost all SSL-enabled Apaches. You should rebuild and reinstall OpenSSL, and all affected applications. We strongly advise upgrading OpenSSL in all cases, as a precaution.
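The advisory above is about RSA blinding as the countermeasure to the Brumley-Boneh timing attack. The following is an added illustration of what blinding actually does to the private-key operation; it is not OpenSSL code and the key is a toy built from two fixed small primes (an assumption so the example runs offline, far too small for real use). The point it shows is the algebra: the plaintext comes out identical, but the value fed to the modular exponentiation is a fresh random element on every call, so its running time is no longer a function of the attacker's chosen ciphertext.

```python
"""RSA private-key operation with and without base blinding (added example)."""
import math
import secrets

# Toy key from two fixed primes (assumption for an offline demo, not a real key).
P = 1_000_000_007
Q = 998_244_353
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # Python 3.8+: modular inverse via pow


def rsa_public(m):
    return pow(m, E, N)


def rsa_private_unblinded(c):
    # The exponentiation runs directly on the attacker-chosen c, so the
    # sequence of operations it performs, and hence its timing, depends on c.
    return pow(c, D, N)


def pick_blinding_factor():
    """Random r in [2, N) with gcd(r, N) == 1, drawn fresh for every operation."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r


def rsa_private_blinded(c, r=None):
    """Return (plaintext, value that was actually exponentiated).

    (c * r^e)^d = c^d * r^(e*d) = m * r (mod N), so multiplying the result by
    r^-1 recovers m.  The exponentiation only ever sees c * r^e, which the
    attacker cannot predict because r is secret and fresh each time.
    """
    if r is None:
        r = pick_blinding_factor()
    blinded_input = (c * pow(r, E, N)) % N
    blinded_output = pow(blinded_input, D, N)   # == m * r mod N
    m = (blinded_output * pow(r, -1, N)) % N
    return m, blinded_input
```

Calling `rsa_private_blinded` twice on the same ciphertext returns the same plaintext but two different exponentiation inputs, which is exactly the property the timing attack needs to be absent. The extra cost here is one gcd, one inversion and one public-exponent power per operation, consistent with the "few percent" the advisory quotes.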
Cache (1395 bytes)
eprint.iacr.org/2003/052 -> eprint.iacr.org/2003/052/
Cryptology ePrint Archive: Report 2003/052
Attacking RSA-based Sessions in SSL/TLS
Vlastimil Klima, Ondrej Pokorny and Tomas Rosa
Abstract. In this paper we present a practically feasible attack on RSA-based sessions in SSL/TLS protocols. The premaster-secret is the only secret value that is used for deriving all the particular session keys. Therefore, an attacker who can recover the premaster-secret can decrypt the whole captured SSL/TLS session. We show that incorporating a version number check over PKCS#1 plaintext used in the SSL/TLS creates a side channel that allows the attacker to invert the RSA encryption. The attacker can then either recover the premaster-secret or sign a message on behalf of the server. Practical tests showed that two thirds of randomly chosen Internet SSL/TLS servers were vulnerable. The attack is an extension of Bleichenbacher's attack on PKCS#1 (v. 1.5). We introduce the concept of a bad-version oracle (BVO) that covers the side channel leakage, and present several methods that speed up the original algorithm. Our attack was successfully tested in practice and the results of complexity measurements are presented in the paper. The median time for a whole attack on the premaster-secret could be then estimated as 54 hours and 42 minutes. We also propose and discuss countermeasures, which are both cryptographically acceptable and practically feasible.
Cache (322 bytes)
www.openssl.org/news/secadv_20030319.txt
Their attack requires the attacker to open millions of SSL/TLS connections to the server under attack; Note that the server's RSA key is not compromised in this attack. This problem affects all applications using the OpenSSL SSL/TLS library. The enclosed patch modifies SSL/TLS server behaviour to avoid the vulnerability.
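The abstract and the advisory above describe the side channel in words: the server decrypts the ClientKeyExchange, strips the PKCS#1 v1.5 padding, then checks the version bytes of the premaster secret, and an attacker who can tell those failure paths apart gets a Bleichenbacher-style oracle. The following is an added, self-contained model of that; it is not the paper's attack code nor the OpenSSL patch. The key is a toy built from two Mersenne primes (an assumption so the example runs offline), the three response labels stand in for whatever observable difference a real server leaks and are not OpenSSL's actual alert codes, and the patched variant implements the usual TLS countermeasure (continue the handshake with a random premaster secret on any failure), which is my assumption about the patch; this page only says the patch changes server behaviour. What the code shows is the query primitive: submitting c0 * s^e mod N makes the server decrypt m0 * s mod N, and the vulnerable server's answer reveals whether that plaintext is a conforming block, which is the predicate the full attack iterates over millions of times.

```python
"""Bad-version oracle in miniature (added example, not code from the paper or OpenSSL)."""
import secrets

# Toy RSA key from two Mersenne primes (assumption: stand-in for a server key).
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8         # modulus length in bytes (81 here)
CLIENT_VERSION = b"\x03\x01"          # version the client announced (TLS 1.0)
PMS_LEN = 48                          # premaster secret: 2 version bytes + 46 random


def pkcs1_v15_pad(msg):
    """EME-PKCS1-v1_5 block: 00 02 <at least 8 nonzero random bytes> 00 <msg>."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for modulus")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + msg


def pkcs1_v15_unpad(block):
    """Return the payload, or None when the block is not conforming."""
    if len(block) != K or block[:2] != b"\x00\x02":
        return None
    sep = block.find(b"\x00", 2)
    if sep < 10:                      # no separator, or fewer than 8 padding bytes
        return None
    return block[sep + 1:]


def rsa_encrypt(block):
    return pow(int.from_bytes(block, "big"), E, N)


def rsa_decrypt(c):
    return pow(c, D, N).to_bytes(K, "big")


def client_key_exchange(pms):
    """What an honest client sends: the padded premaster secret under the server key."""
    return rsa_encrypt(pkcs1_v15_pad(pms))


def conforming(m):
    """Ground truth the attacker cannot compute directly: is plaintext m a
    well-formed block carrying a 48-byte payload?  The oracle leaks this predicate."""
    payload = pkcs1_v15_unpad(m.to_bytes(K, "big"))
    return payload is not None and len(payload) == PMS_LEN


def vulnerable_server(c):
    """Pre-patch model: three outcomes the attacker can tell apart."""
    pms = pkcs1_v15_unpad(rsa_decrypt(c))
    if pms is None or len(pms) != PMS_LEN:
        return "bad_padding"
    if pms[:2] != CLIENT_VERSION:
        return "bad_version"          # this extra check is the side channel
    return "ok"


def patched_server(c):
    """Post-patch model: any failure is replaced by a random premaster secret with
    the expected version, so the handshake continues and fails at Finished in the
    same way for every bad ciphertext; nothing distinguishes the cases."""
    pms = pkcs1_v15_unpad(rsa_decrypt(c))
    if pms is None or len(pms) != PMS_LEN or pms[:2] != CLIENT_VERSION:
        return CLIENT_VERSION + secrets.token_bytes(PMS_LEN - 2)
    return pms


def oracle_query(c0, s):
    """One Bleichenbacher/BVO step against the vulnerable server: submit
    c0 * s^e mod N, which decrypts to m0 * s mod N, and read the conformance
    of that plaintext off the server's distinguishable response."""
    c = (c0 * pow(s, E, N)) % N
    return vulnerable_server(c) != "bad_padding"
```

Against `vulnerable_server`, `oracle_query(c0, s)` agrees with `conforming((m0 * s) % N)` for every s, which is all the Klima-Pokorny-Rosa algorithm needs; the paper's contribution is making the number of such queries small enough to finish in days. Against `patched_server` the same manipulated ciphertexts all produce a 48-byte premaster secret with the right version prefix, so the attacker's query returns nothing.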