Red Hat Bugzilla – Bug 86206
New timing attack on OpenSSL applications
Last modified: 2007-11-30 17:06:52 EST
Description of problem:
Timing attack on RSA decryption because RSA blinding isn't
used in all applications (mod_ssl etc)
Version-Release number of selected component (if applicable):
This affects most applications that link to OpenSSL
In order to exploit this issue you need to be local to the machine or be on a
network that enables you to reliably observe sub 1ms timing differences.
This is CAN-2003-0147
A patch is being prepared by the OpenSSL team that enabled RSA blinding by default.
Was fixed by