Language Selection

English French German Italian Portuguese Spanish

Be Afraid if Someone's Got a Voltmeter Hooked to Your CPU

Filed under
OSS
Security

Boy, do I hate it when a FLOSS project is given a hard time unfairly. I was this morning greeted with news from many places that OpenSSL, one of the most common FLOSS software libraries used for cryptography, was somehow severely vulnerable.

I had a hunch what was going on. I quickly downloaded a copy of the academic paper that was cited as the sole source for the story and read it. As I feared, OpenSSL was getting some bad press unfairly.

The first thing you have to note about such papers is that informed readers generally ignore the parts that a newbie is most likely focus on: the Abstract, Introduction and Conclusion sections. Unfortunately, these promotional parts of the paper are the sections that focus on the negative implications for OpenSSL. In the rest of the paper, OpenSSL is merely the software component of the experiment equipment.

The experiment described in the paper is very difficult to reproduce. You have to cause very subtle faults in computation at specific times. As I understand it, they had to assemble a specialized hardware copy of a SPARC-based GNU/Linux environment to accomplish the experiment.

rest here




re: OpenSSL

Good but way toooooo long of an article.

To sum up...

"Likelihood of being cracked" is NOT the same as "can be cracked".

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

LibreOffice 4.4.4 Released

The Document Foundation today announced LibreOffice 4.4.4, the latest update to the 4.4 branch. Today's release brings 74 bug fixes including several crashes and import/export bugs. The announcement today also brought news of version 5.0 as well as reminders for the LibreOffice Conference in September. Read more

Watch: Mark Shuttleworth Talks About Telco and NFV Technologies

The Movilforum website had the great pleasure of interviewing Mark Shuttleworth, CEO of Canonical and founder of the world's most popular free operating system, Ubuntu Linux. Read more

Linux Kernel 4.0.7 Is a Small Release with Updated Drivers, ARM Improvements

On the last days of June, Greg Kroah-Hartman announced the availability of several maintenance releases for the Linux kernels 4.1, 4.0, 3.14, and 3.10. The seventh point release of Linux kernel 4.0 is a small one that brings mostly updated drivers. Read more

An Everyday Linux User Review Of Debian Jessie

I have now been using Debian for a few weeks and it is therefore time for me to write a review of my experience thus far. Debian has been around for what seems like forever now and it is the base for so many other Linux distributions such as Ubuntu, Mint, SolydXK and Knoppix. I think that the general consensus amongst Linux users is that Debian is stable, dependable and a good environment on which to build upon. Does that mean it is suitable for Everyone? Read more