The Register has posted an
on a reported OpenSSL vulnerability that allows attackers to
obtain a system's private key. Before hitting the panic button, though,
it's worth seeing what's involved in carrying out this attack: "The
university scientists found that they could deduce tiny pieces of a private
key by injecting slight fluctuations in a device's power supply as it was
processing encrypted messages. In a little more than 100 hours, they fed
the device enough 'transient faults' that they were able to assemble the
entirety of its 1024-bit key.
" It could be a problem for keys
hidden in embedded systems, but that is probably about the extent of it.
to post comments)