[17582] in cryptography@c2.net mail archive
Re: Optimisation Considered Harmful
daemon@ATHENA.MIT.EDU (James A. Donald)
Sat Jun 25 15:23:00 2005
X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: Cryptography <cryptography@metzdowd.com>
Date: Sat, 25 Jun 2005 10:27:16 -0700
--
James A. Donald:
> > Suppose you have something that is inadvertently an
> > oracle - it encrypts stuff from many different users
> > preparatory to sending it out over the internet, and
> > makes no effort to strongly authenticate a user.
> >
> > Have it encrypt stuff into a buffer, and on a timer
> > event, send out the buffer.
> >
> > Your code is now of course multithreaded - very easy
> > to get multithreading bugs that never show up during
> > testing, but non-deterministically show up in actual
> > use.
On 24 Jun 2005 at 12:25, Dan Kaminsky wrote:
> The problem is with edges:
>
> Now, suppose your timer goes off every 200ms. No
> problem, right?
>
> At time=190ms, you force an encryption. If it's done
> by the time=200ms deadline, you know.
It should have been needless to say that at the end of
each time frame, the oracle only starts sending out
stuff encrypted in response to data received at least n
time frames previously, where n is a small positive
number, possibly one.
A time frame is longer than the difference between the
quickest and slowest encryption of a block. n time
frames is longer than the slowest encryption of a block.
--digsig
James A. Donald
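The batch-and-delay release policy described in the message, as an added simulation that is not part of the thread: requests are buffered on arrival, flushed only at frame boundaries, and released no earlier than n frames after their arrival frame, so the release instant depends on the arrival frame alone. The 200 ms frame, the lag n, the request timings, and all function names are constructed for this example.

```python
# Constructed simulation of the batch-and-delay release policy (example
# code, not from the thread). Each request is encrypted into a buffer when
# it arrives; the buffer is flushed at frame boundaries, and a request is
# released only at the end of the frame n frames after its arrival frame.
# The release instant therefore depends only on the arrival frame, never on
# how long the (possibly data-dependent) encryption took.
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    arrival_ms: float   # when the plaintext was received (constructed)
    encrypt_ms: float   # data-dependent encryption time (constructed)

def check_lag(frame_ms: float, n: int, max_encrypt_ms: float) -> bool:
    """Donald's condition: n frames must be longer than the slowest encryption."""
    return n * frame_ms > max_encrypt_ms

def release_time_ms(req: Request, frame_ms: float, n: int) -> float:
    """End of the frame that lies n frames after the arrival frame."""
    arrival_frame = int(req.arrival_ms // frame_ms)
    return (arrival_frame + 1 + n) * frame_ms

def schedule(requests, frame_ms: float, n: int):
    """Pair each request with its release instant; refuse a lag too short for
    the ciphertext to be ready (Kaminsky's 190 ms edge case with n = 0)."""
    out = []
    for req in requests:
        t = release_time_ms(req, frame_ms, n)
        if req.arrival_ms + req.encrypt_ms > t:
            raise ValueError(f"request at {req.arrival_ms} ms not ready by {t} ms; increase n")
        out.append((t, req))
    return out

def observable_release_times(requests, frame_ms: float, n: int, batched: bool = True):
    """Instants an observer on the wire can measure. batched=False models the
    naive oracle that sends each ciphertext as soon as it is ready."""
    if not batched:
        return sorted(r.arrival_ms + r.encrypt_ms for r in requests)
    return sorted(t for t, _ in schedule(requests, frame_ms, n))

if __name__ == "__main__":
    # Two requests in the same 200 ms frame: one fast, one slow and near the edge.
    reqs = [Request(10.0, 5.0), Request(190.0, 150.0)]
    print("lag ok :", check_lag(200.0, 1, 150.0))                              # True
    print("naive  :", observable_release_times(reqs, 200.0, 1, batched=False))  # [15.0, 340.0]
    print("batched:", observable_release_times(reqs, 200.0, 1))                 # [400.0, 400.0]
```

With the naive policy the two release instants differ by the encryption time; with batching both requests leave at the 400 ms boundary, and `schedule` refuses any n that would force a not-yet-ready ciphertext out at a frame edge.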
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com