[45194] in Cypherpunks
Re: Timing Cryptanalysis Attack
daemon@ATHENA.MIT.EDU (Peter Monta)
Mon Dec 11 19:04:18 1995
To: cypherpunks@toad.com
Date: Mon, 11 Dec 1995 13:11:21 -0800
From: Peter Monta <pmonta@qualcomm.com>
Kocher says this about padding to constant time:
> ... If a timer is used to delay returning results until a pre-specified
> time, attackers may be able to monitor other aspects of the system
> performance to determine when the cryptographic computation completes.
Perhaps, but an attack would be much more difficult if the monitoring must
be done outside the host doing the computation (viewing a router from
the outside, say, as Eric Young alludes to), since the scope for covert
channels is much reduced.
Peter Monta
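
An added illustration of the distinction drawn in this thread (not part of the original post, and not Kocher's or Monta's code): a textbook square-and-multiply exponentiation is padded to a fixed deadline, so the wall-clock time a remote client sees is the same for a sparse and a dense exponent, while the CPU time visible on the host itself still differs. The modulus, base, exponents and the 0.3 s deadline are constructed sample values.

```python
import time

# Constructed sample parameters (assumptions, not real key material).
MODULUS = (1 << 2048) - 159          # arbitrary odd 2048-bit number
BASE = pow(3, 1500, MODULUS)
SPARSE_EXP = (1 << 2047) | 1         # 2048-bit exponent, two set bits
DENSE_EXP = (1 << 2048) - 1          # 2048-bit exponent, all bits set
DEADLINE_S = 0.3                     # assumed pre-specified response time


def modexp(base, exponent, modulus):
    """Textbook square-and-multiply: one extra multiply per set exponent bit."""
    result = 1
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        if bit == "1":
            result = (result * base) % modulus
    return result


def padded_modexp(exponent, deadline_s=DEADLINE_S):
    """Compute, then sleep until deadline_s has elapsed since the call began.

    Returns (result, wall_seconds, cpu_seconds). cpu_seconds stands in for
    what another process on the same host could infer from CPU accounting.
    """
    wall_start = time.monotonic()
    cpu_start = time.process_time()
    result = modexp(BASE, exponent, MODULUS)
    remaining = deadline_s - (time.monotonic() - wall_start)
    if remaining <= 0:
        # Padding only hides timing if the deadline exceeds the worst case.
        raise RuntimeError("computation overran the padding deadline")
    time.sleep(remaining)  # sleeping costs wall-clock time but no CPU time
    return (result, time.monotonic() - wall_start,
            time.process_time() - cpu_start)


def compare():
    """Run both exponents; return their wall-clock and CPU times."""
    _, wall_sparse, cpu_sparse = padded_modexp(SPARSE_EXP)
    _, wall_dense, cpu_dense = padded_modexp(DENSE_EXP)
    return {"wall": (wall_sparse, wall_dense), "cpu": (cpu_sparse, cpu_dense)}


if __name__ == "__main__":
    times = compare()
    print("wall-clock seen by a remote client: %.3f s vs %.3f s" % times["wall"])
    print("CPU time visible on the host:       %.4f s vs %.4f s" % times["cpu"])
```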