On Sun May 29 2011, greenelephant wrote:
>
> Hello
>
> I have a computer with Ubuntu OS and an Apache HTTP server. I am trying to
> create an SSL certificate using RSA public and private keys.
>
> However it has come to my attention that at this present moment there are
> sophisticated methods such as man in middle attack, Side channel attack, and
> Branch prediction analysis attacks.
>
> http://en.wikipedia.org/wiki/Man-in-the-middle_attack
> http://en.wikipedia.org/wiki/Side_channel_attack
> http://en.wikipedia.org/wiki/Branch_prediction
>
> This is of a concern to me especially the side channel attack as it can
> analyse one's CPU variants to predict one's secret key.
>

In the link you posted on the subject of side channel attacks, there is a link to the paper referenced. In that paper, section 5.1, "Experiment Setup", the test setup is described. Which raises a question in my mind: Do you intend on using OpenSSL v0.9.7, compiled with gcc-2.96 on a single-core powered server? That setup reads as very 20th century to me. ;-)

Mike

> I am aware of the
> ongoing battle between hackers/attackers and the institutions which provide
> and create integrity modules/programs such as RSA/SSL etc. I also know that
> using high numbered bits (1024 bit encryption) and above lessens the chance
> of an attacker breaching your system using this method. This may be obsolete
> now with the introduction of attacks listed above such as Side-Channel
> Attack but RSA keys can be renewed and regenerated
>
> However what also has come to my attention is methods created and introduced
> by RSA to combat these threats such as 'padding' used by sub programs
> created by RSA such as OAEP and PKCS.
>
> So here is my question. I have an APACHE web server which I would like to
> host a HTTPS/SSL page. I would like to be able through OPENSSL to create a
> certificate and key(s) which use either PKCS or OAEP methods to 'pad' the
> encrypted connections between my computer and my clients. How would I be
> able to go about this?
>
> Thank you in advance for any feedback

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org