[17498] in cryptography@c2.net mail archive
Re: AES cache timing attack
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Fri Jun 17 10:28:55 2005
X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com, hal@finney.org
In-Reply-To: <20050616185227.A413C57E8C@finney.org>
Date: Fri, 17 Jun 2005 23:57:29 +1200
hal@finney.org ("Hal Finney") writes:
>Steven M. Bellovin writes:
>> Dan Bernstein has a new cache timing attack on AES:
>> http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
>This is a pretty alarming attack.
It is? Recovering a key from a server custom-written to act as an oracle for
the attacker? By this I don't even mean the timing-related stuff, but just
one that just acts as a basic encryption oracle. Try doing that with TLS or
SSH, you'll get exactly one unrelated packet back, which is the connection
shutdown message. So while it's a nice attack, section 15 should really be
simplified to:
Don't do that, then.
Peter.
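The attack under discussion exploits the fact that a table-driven AES implementation reads table entries at key-dependent positions, so its memory access pattern (and hence its timing) varies with the key. The usual implementation-side countermeasure, independent of whether the protocol acts as an oracle, is to make the lookup access the same addresses regardless of the index. The example below is added here to illustrate that; it is not code from Gutmann's message, Bernstein's paper or any AES library. It generates the AES S-box from its definition, then compares a direct lookup against a constant-time one by recording which table indices each touches. `TracedTable`, `lookup_direct`, `lookup_constant_time` and `access_pattern` are names chosen for this example, and the traced index list stands in for cache-line observations.

```python
# Added example: key-dependent vs. index-independent S-box access.
# Assumes nothing beyond the Python standard library.


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with the AES reduction polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r & 0xFF


def gf_inv(x: int) -> int:
    """Multiplicative inverse in GF(2^8) as x^254 (0 maps to 0 by convention)."""
    r, base, e = 1, x, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r if x else 0


def rotl8(b: int, n: int) -> int:
    return ((b << n) | (b >> (8 - n))) & 0xFF


def sbox_entry(x: int) -> int:
    """AES S-box: GF(2^8) inverse followed by the affine transform."""
    b = gf_inv(x)
    return b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63


SBOX = [sbox_entry(x) for x in range(256)]


class TracedTable:
    """Table wrapper that records every index read (hypothetical name).

    The recorded indices play the role of the cache lines an observer
    could infer from timing; the content of the table is unchanged.
    """

    def __init__(self, data):
        self._data = list(data)
        self.trace = []

    def __len__(self) -> int:
        return len(self._data)

    def __getitem__(self, i: int) -> int:
        self.trace.append(i)
        return self._data[i]


def lookup_direct(table, idx: int) -> int:
    """Conventional lookup: the address read depends on idx."""
    return table[idx]


def lookup_constant_time(table, idx: int) -> int:
    """Read every entry and keep the wanted one with an arithmetic mask.

    mask is 0xFF exactly when i == idx and 0 otherwise, computed without
    branching on idx, so the sequence of reads is the same for every idx.
    """
    result = 0
    for i in range(len(table)):
        mask = (((i ^ idx) - 1) >> 8) & 0xFF
        result |= table[i] & mask
    return result


def access_pattern(lookup, idx: int) -> list:
    """Return the list of table indices a lookup function reads for idx."""
    t = TracedTable(SBOX)
    lookup(t, idx)
    return t.trace


if __name__ == "__main__":
    # Constructed inputs: a byte that a first-round AES lookup would see is
    # plaintext XOR key, so two different key bytes give two different indices.
    for idx in (0x00, 0x53):
        print(f"direct   idx={idx:#04x} reads {access_pattern(lookup_direct, idx)}")
        print(f"constant idx={idx:#04x} reads {len(access_pattern(lookup_constant_time, idx))} entries")
```

The direct lookup reads index 0x00 for one input and 0x53 for the other, which is exactly the key-dependent footprint a cache-timing observer exploits; the constant-time version reads all 256 entries in the same order for both. Note that Python itself gives no timing guarantees, so this demonstrates the access-pattern property only; production code relies on bitsliced implementations or hardware AES instructions for the same effect.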
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com