[Cryptography] "We need crypto code training" and other obviosities.

John-Mark Gurney jmg at funkthat.com
Sat Oct 24 15:56:13 EDT 2015


Jerry Leichter wrote this message on Sat, Oct 24, 2015 at 15:06 -0400:
> 
> > One BIG issue in crypto code is side channel attacks, and no matter
> > how good a programmer you are, you aren't going to code for side
> > channel attacks because it intentionally makes your program slower...
> > 
> > GCM for example will leak like a sieve if you use an 8bit lookup
> > table, which is the best/fastest way to implement it on modern
> > systems...
> The view that side-channel attacks are a *crypto* problem is like the FIPS approach to certification:  Draw your boundaries, say "all the important stuff is inside this box I made up", show that the stuff inside is secure, and bam - you've got certification. The fact that stuff outside the box is sending all your cleartext to some unknown location on the Internet is just declared out of bounds.
> 
> The side-channel attacks we've seen concentrate on the crypto because that's code shared by many applications that deal in sensitive data, so attacking it gets you a great deal of bang for the buck.  It also gets you bragging and publication rights.

This is very correct that side channels do not just apply to crypto...
It's also easier to demonstrate side channel issues on crypto as the
tight repetitive calculations on sensitive data (keys)...

Side channels are a long known issue (long before SPA/DPA was
"discovered") with leaking data between protection domains on secure
systems...

> I don't recall seeing any publications on power-analysis or timing-analysis or other such attacks against the functional code of any application.  You know, the stuff that actually works on the "red" data directly.

Yeh, but I have a friend who does DPA, you can zero in on any transistor
you want if you have your selection functions correct...

> If anyone is exploiting side-channel attacks in the real world - given all the simpler attacks available, it's not clear anyone needs to bother - I'll bet they're going against the soft underbelly - the vast bulk of code that does the actual work, with no one looking closely at it to see if it's vulnerable.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
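The GCM point raised in the quoted text (an 8-bit lookup table is the fast way to do GHASH, and it leaks) is concrete enough to show in code. The following is an added example, not code from either poster: it implements GCM's GF(2^128) multiply twice, once bit-serially with masks in place of secret-dependent branches (the slow, side-channel-resistant structure), and once with Shoup-style 8-bit tables built from H, and records the table indices each lookup touches. The test vector is NIST GCM test case 2 (zero key, zero IV, one zero plaintext block), quoted from the specification; the function names and the `trace` list are this example's own. Python big integers are not constant-time themselves; the masked structure is what a C or assembly implementation would carry over.

```python
MASK128 = (1 << 128) - 1
R = 0xE1 << 120  # GCM reduction constant R = 11100001 || 0^120 (SP 800-38D)


def gf128_mul_ct(x, y):
    """x * y in GCM's bit-reflected GF(2^128), bit-serial algorithm from
    SP 800-38D, written with masks: no branch and no memory index depends on
    the operands. 128 shift/mask steps per block, which is why it is slow."""
    z = 0
    v = y
    for i in range(128):
        xi = (x >> (127 - i)) & 1                  # bit x_i, counted from the MSB
        z ^= v & (-xi & MASK128)                   # add V iff x_i == 1, by mask
        lsb = v & 1
        v = (v >> 1) ^ (R & (-lsb & MASK128))      # conditional reduce, by mask
    return z


def build_table8(h):
    """Shoup-style 8-bit tables for a fixed H: table[j][b] = (b in byte j) * H.
    Multiplication is linear over XOR, so x*H is the XOR of 16 table entries.
    16 * 256 entries whose contents are a function of the secret H."""
    return [[gf128_mul_ct(b << (8 * (15 - j)), h) for b in range(256)]
            for j in range(16)]


def gf128_mul_table(x, table, trace=None):
    """Table-driven multiply by H: 16 lookups and XORs per block.
    Each lookup index is one byte of x, so the memory access pattern (and
    with it cache timing) is a function of the operand."""
    z = 0
    for j in range(16):
        idx = (x >> (8 * (15 - j))) & 0xFF
        if trace is not None:
            trace.append((j, idx))                 # what a cache observer sees
        z ^= table[j][idx]
    return z


def ghash(blocks, mul_by_h):
    """GHASH over 128-bit integer blocks with the supplied multiply-by-H."""
    y = 0
    for blk in blocks:
        y = mul_by_h(y ^ blk)                      # operand depends on H via y
    return y


def ghash_ct(h, blocks):
    return ghash(blocks, lambda x: gf128_mul_ct(x, h))


def ghash_table(h, blocks, trace=None):
    table = build_table8(h)
    return ghash(blocks, lambda x: gf128_mul_table(x, table, trace))


def operands_from_trace(trace):
    """Reassemble each multiply's operand from the observed indices: the
    access pattern of the table version is the operand, byte by byte."""
    return [int.from_bytes(bytes(idx for _, idx in trace[k:k + 16]), "big")
            for k in range(0, len(trace), 16)]


# NIST GCM test case 2: K = 0^128, IV = 0^96, P = 0^128, no AAD.
H_TEST = 0x66e94bd4ef8a2c3b884cfa59ca342b2e      # H = E(K, 0^128)
C_TEST = 0x0388dace60b6a392f328c2b971b2fe78      # the single ciphertext block
LEN_TEST = 0x80                                  # len(A) = 0 || len(C) = 128
GHASH_TEST = 0xf38cbb1ad69223dcc3457ae5b6b0f885  # GHASH(H, A, C) from the spec


if __name__ == "__main__":
    blocks = [C_TEST, LEN_TEST]
    trace = []
    print("masked :", hex(ghash_ct(H_TEST, blocks)))
    print("table  :", hex(ghash_table(H_TEST, blocks, trace)))
    print("lookups:", len(trace), "indices exposed; first operand recovered:",
          hex(operands_from_trace(trace)[0]))
```

Both paths produce the same GHASH value, which is the point: correctness does not distinguish them. The masked version's work is the same for every input, while the table version's index sequence is the multiply operand itself, and in GHASH that operand is `y ^ blk`, where `y` already carries H. That is what "leaks like a sieve" refers to, and why constant-time GHASH implementations (bitsliced or using carry-less multiply instructions) avoid secret-indexed tables altogether.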
