[17529] in cryptography@c2.net mail archive


Re: AES cache timing attack

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Tue Jun 21 22:31:33 2005

X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: iang@systemics.com, jerrold.leichter@smarts.com
Cc: cryptography@metzdowd.com, hal@finney.org,
	neuhaus@st.cs.uni-sb.de, pgut001@cs.auckland.ac.nz
In-Reply-To: <200506220128.31490.iang@systemics.com>
Date: Wed, 22 Jun 2005 14:09:07 +1200

Ian Grigg <iang@systemics.com> writes:

>Alternatively, if one is in the unfortunate position of being an oracle for a
>single block encryption then the packet could be augmented with a cleartext
>random block to be xor'd with the key each request.

Moves you from being an encryption oracle to a related-key oracle, and makes
the protocol non-idempotent.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
