Remote Timing Attacks Are Practical
Timing attacks are usually used to attack weak computing devices such as smartcards. The authors show that timing attacks apply to general software systems. Specifically, they devise a timing attack against OpenSSL. The experiments show that they can extract private keys from an OpenSSL-based web server running on a machine in the local network. The results demonstrate that timing attacks against network servers are practical and therefore security systems should defend against them.