Language Selection

English French German Italian Portuguese Spanish

Be Afraid if Someone's Got a Voltmeter Hooked to Your CPU

Filed under
OSS
Security

Boy, do I hate it when a FLOSS project is given a hard time unfairly. I was this morning greeted with news from many places that OpenSSL, one of the most common FLOSS software libraries used for cryptography, was somehow severely vulnerable.

I had a hunch what was going on. I quickly downloaded a copy of the academic paper that was cited as the sole source for the story and read it. As I feared, OpenSSL was getting some bad press unfairly.

The first thing you have to note about such papers is that informed readers generally ignore the parts that a newbie is most likely focus on: the Abstract, Introduction and Conclusion sections. Unfortunately, these promotional parts of the paper are the sections that focus on the negative implications for OpenSSL. In the rest of the paper, OpenSSL is merely the software component of the experiment equipment.

The experiment described in the paper is very difficult to reproduce. You have to cause very subtle faults in computation at specific times. As I understand it, they had to assemble a specialized hardware copy of a SPARC-based GNU/Linux environment to accomplish the experiment.

rest here




re: OpenSSL

Good but way toooooo long of an article.

To sum up...

"Likelihood of being cracked" is NOT the same as "can be cracked".

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Review: Simplicity Linux 15.4 alpha

Overall I give it 2 Thumbs Up on speed and layout of OS. If you have a computer with low resources, then this is an OS for you to try. Read more

Eurostat continues to share and use open source

Eurostat, the statistical office of the European Communities, continues to release as open source its ICT solutions. To date, Eurostat has shared 102 solutions on the European Commission’s Joinup platform. The statistical office has been using and sharing open source for more than a decade. Already in 2004 Eurostat’s ICT policy stipulated to consider open source software for all new projects. Read more

Excellent: Android Ecosystem is Low-Margin, Fragmenting

What the figures really show is that Apple is price-gouging its customers, extracting unreasonable levels of profit by virtue of its monopoly. In the world of Android, by contrast, the fierce competition that exists between fungible manufacturers has driven down profit margins to razor-thin levels. Open source, and the level playing field that it creates, is a great way for maximising the benefits to customers, rather than companies. Read more

Open source empowers Sintra health centre

Open source tools used by ACES Sintra include content management system Wordpress, combined with the usual LAMP stack: the MySQL database management system, the Apache web server, Linux for the server host and the PHP web development scripting language. The combination is used for the public website, but also for several internal Intranet project and team sites. The organisation implements Wiki websites, mainly for the IT department but also to maintain a list of frequently asked questions and their answers. Read more