Communications of the ACM

ACM TechNews

Cryptographic Attack Highlights the Importance of Bug-Free Software

University of Bristol researchers have circumvented the security that OpenSSL should provide by targeting a bug in the software.

The team attacked one very specific version of OpenSSL, the cryptography toolkit for implementing the SSL protocol: version 0.9.8g, and only when a particular set of options was used. The researchers sent carefully constructed messages to the Web server; each message triggered the bug and allowed part of a cryptographic key to be recovered. By using enough messages, the researchers were able to recover the entire key.

"With software and hardware playing increasingly significant roles in our day-to-day life, how much can and should we trust them to be correct?" says Bristol lecturer and research team member Dan Page. "The answer, in part at least, is a stronger emphasis on and investment in formal verification and correctness of open source software."

Page says their research emphasizes the importance of software verification for software engineers in the future.

From University of Bristol News

Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA

