patches available for RSA timing attacks

Researchers have discovered a timing attack on RSA keys to which OpenSSL is vulnerable. OpenBSD patches are now available. The following paper describes the attack in detail:

    http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

The patches have already been committed to OpenBSD-current and the 3.1 and 3.2 -stable branches. For those who wish to manually patch their systems, the following patches are available.

Patch for OpenBSD 3.1:

    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/024_blinding.patch

Patch for OpenBSD 3.2:

    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/011_blinding.patch

The OpenSSL advisory (from which the patches are derived) is:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek

    http://www.openssl.org/news/secadv_20030317.txt Received on Wed Mar 19 18:44:44 2003