Language Selection

English French German Italian Portuguese Spanish

Be Afraid if Someone's Got a Voltmeter Hooked to Your CPU

Filed under
OSS
Security

Boy, do I hate it when a FLOSS project is given a hard time unfairly. I was this morning greeted with news from many places that OpenSSL, one of the most common FLOSS software libraries used for cryptography, was somehow severely vulnerable.

I had a hunch what was going on. I quickly downloaded a copy of the academic paper that was cited as the sole source for the story and read it. As I feared, OpenSSL was getting some bad press unfairly.

The first thing you have to note about such papers is that informed readers generally ignore the parts that a newbie is most likely focus on: the Abstract, Introduction and Conclusion sections. Unfortunately, these promotional parts of the paper are the sections that focus on the negative implications for OpenSSL. In the rest of the paper, OpenSSL is merely the software component of the experiment equipment.

The experiment described in the paper is very difficult to reproduce. You have to cause very subtle faults in computation at specific times. As I understand it, they had to assemble a specialized hardware copy of a SPARC-based GNU/Linux environment to accomplish the experiment.

rest here




re: OpenSSL

Good but way toooooo long of an article.

To sum up...

"Likelihood of being cracked" is NOT the same as "can be cracked".

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Leftovers: OSS

Researchers release open source code for powerful image detection algorithm

It is available for free download on two open source platforms, Github and Matlab File Exchange. Making it available as open source code will allow researchers to work together to study, use and improve the algorithm, and to freely modify and distribute it. It also will enable users to incorporate the technology into computer vision and pattern recognition applications and other image-processing applications. Read more

Tizen 3.0 Is Being Ported for Raspberry Pi 2

The Linux-based Tizen 3.0 operating system is being adopted for Raspberry Pi 2, in an effort to make the operating system much more popular. Read more

Solus Operating System to Get a Much Smaller ISO

The developers of the Solus operating system are working on their ypkg tool and they are migrating it from Python to C. This will allow them to considerably shrink the size of the ISO. Read more