AES cache timing attack
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Jun 21 22:09:07 EDT 2005
Ian Grigg <iang at systemics.com> writes:
>Alternatively, if one is in the unfortunate position of being an oracle for a
>single block encryption then the packet could be augmented with a cleartext
>random block to be xor'd with the key each request.
Moves you from being an encryption oracle to a related-key oracle, and makes
the protocol non-idempotent.
Peter.
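To make the two oracle types in this exchange concrete, here is an added example (not code from either poster). It models the original single-block encryption service and the proposed variant in which the request carries a cleartext random block R that is XORed into the key. XTEA is used as an assumed stand-in for AES so the script runs on the standard library alone; the argument does not depend on the cipher. The class and function names are the example's own.

```python
# Added example: a toy model of an encryption oracle versus the XOR-key
# variant proposed in the quoted message.  XTEA (64-bit block, 128-bit key)
# is an assumption standing in for AES; nothing here depends on the cipher.
import os
import struct
from typing import Callable, Dict, Iterable, Optional, Tuple

DELTA = 0x9E3779B9
MASK = 0xFFFFFFFF


def xtea_encrypt_block(key: bytes, block: bytes, rounds: int = 32) -> bytes:
    """Encrypt one 8-byte block under a 16-byte key (XTEA, 32 rounds)."""
    assert len(key) == 16 and len(block) == 8
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = 0
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
    return struct.pack(">2I", v0, v1)


def xtea_decrypt_block(key: bytes, block: bytes, rounds: int = 32) -> bytes:
    """Inverse of xtea_encrypt_block; included so the toy cipher can be checked."""
    assert len(key) == 16 and len(block) == 8
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = (DELTA * rounds) & MASK
    for _ in range(rounds):
        v1 = (v1 - ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
        s = (s - DELTA) & MASK
        v0 = (v0 - ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
    return struct.pack(">2I", v0, v1)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class EncryptionOracle:
    """The original situation: the service encrypts one block under a fixed key."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def query(self, block: bytes) -> bytes:
        return xtea_encrypt_block(self._key, block)


class XorKeyOracle:
    """The proposed variant: each request carries a cleartext block R and the
    service encrypts under key XOR R.  If the caller supplies R it chooses the
    key difference (a related-key oracle); if the service draws R itself the
    reply to an identical request changes on every call (non-idempotent)."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def query(self, block: bytes, r: Optional[bytes] = None) -> Tuple[bytes, bytes]:
        if r is None:
            r = os.urandom(16)  # service-chosen R
        return r, xtea_encrypt_block(xor_bytes(self._key, r), block)


def related_key_ciphertexts(oracle: XorKeyOracle, block: bytes,
                            diffs: Iterable[bytes]) -> Dict[bytes, bytes]:
    """What an attacker who picks R obtains: E_{K xor d}(block) for every
    chosen difference d, with d known exactly.  That is a related-key oracle."""
    return {d: oracle.query(block, d)[1] for d in diffs}


def is_idempotent(request: Callable[[], object], repeats: int = 4) -> bool:
    """True if re-sending the same request always returns the same reply."""
    first = request()
    return all(request() == first for _ in range(repeats))


def demo(key: bytes, block: bytes) -> Dict[str, bool]:
    plain = EncryptionOracle(key)
    xored = XorKeyOracle(key)
    zero = bytes(16)
    diffs = [zero, b"\x01" + bytes(15), b"\xff" * 16]
    related = related_key_ciphertexts(xored, block, diffs)
    return {
        # choosing R = 0 gives back the original encryption oracle unchanged
        "still_an_encryption_oracle": related[zero] == plain.query(block),
        # each chosen R yields a ciphertext under a key of known XOR difference
        "distinct_related_keys_answered": len(set(related.values())) == len(diffs),
        "fixed_key_idempotent": is_idempotent(lambda: plain.query(block)),
        "server_random_r_idempotent": is_idempotent(lambda: xored.query(block)),
        "client_chosen_r_idempotent": is_idempotent(lambda: xored.query(block, zero)),
    }


if __name__ == "__main__":
    # constructed sample inputs
    for name, result in demo(bytes(range(16)), b"ABCDEFGH").items():
        print(f"{name}: {result}")
```

Read the `demo` results together: with attacker-chosen R the attacker loses nothing (R = 0 is the old oracle) and gains ciphertexts under arbitrary known key differences; with service-chosen R the same request no longer yields the same answer, so callers cannot safely retry or deduplicate on the reply.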
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com