Security researchers have discovered a "timing attack" that creates a possible mechanism for a hacker to extract the secret key of a TLS/SSL server that uses elliptic curve cryptography (ECC).
Elliptic curve cryptography is a type of public-key algorithm that uses the maths of elliptic curves rather than integer factorisation, which is used by RSA as a one-way function. By using ECC it is possible to provide equivalent levels of difficulty for a brute-force attack as can be provided by the more familiar integer-factorisation approaches, but using smaller key lengths. The approach has benefits for mobile and low-power systems.

The link for this article located at The Register UK is no longer available.