[Bodo Moeller <bodo at openssl.org>] OpenSSL Security Advisory: Timing-based attacks on SSL/TLS with CBC encryption

Eric Rescorla ekr at rtfm.com
Fri Feb 21 12:32:53 EST 2003


"Steven M. Bellovin" <smb at research.att.com> writes:

> I'm struck by the similarity of this attack to Matt Blaze's master key 
> paper.  In each case, you're guessing at one position at a time, and 
> using the response of the security system as an oracle.  What's crucial 
> in both cases is the one-at-a-time aspect -- that's what makes the 
> attack linear instead of exponential.

Indeed.

And of course, both attacks resemble the old password guessing
attack on character-by-character passwords where you time how
long password verification takes. (The details are pretty
hazy, but ISTR that you arranged for the password to cross
a page boundary to increase the time discrimination).

-Ekr


-- 
[Eric Rescorla                                   ekr at rtfm.com]
                http://www.rtfm.com/
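
Added example, not part of the original message: the character-by-character
check described above next to a constant-time replacement, with a step counter
standing in for elapsed time. The secret, N, and all function names are
constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define N 8
static const unsigned char secret[] = "S3cretPw"; /* constructed sample secret */

/* Early-exit check: stops at the first wrong byte, so the work done
 * reveals how many leading bytes of the guess were correct. */
static int leaky_equal(const unsigned char *a, const unsigned char *b,
                       size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time check: always reads all n bytes and folds the differences
 * together, so the work is the same wherever the mismatch is. */
static int ct_equal(const unsigned char *a, const unsigned char *b,
                    size_t n, size_t *steps)
{
    unsigned char diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

typedef int (*cmp_fn)(const unsigned char *, const unsigned char *, size_t, size_t *);

/* Self-check: work observed for a guess whose first `prefix` bytes are right. */
static size_t work_for_prefix(cmp_fn cmp, size_t prefix)
{
    unsigned char guess[N];
    size_t steps;
    for (size_t i = 0; i < N; i++)
        guess[i] = (i < prefix) ? secret[i] : (unsigned char)(secret[i] ^ 0xFF);
    cmp(secret, guess, N, &steps);
    return steps;
}

int main(void)
{
    for (size_t p = 0; p <= N; p++)
        printf("correct prefix %zu: early-exit %zu steps, constant-time %zu steps\n",
               p, work_for_prefix(leaky_equal, p), work_for_prefix(ct_equal, p));
    return 0;
}
```

The early-exit column grows with the correct prefix, which is the one-position-at-a-time oracle; the constant-time column stays flat.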

---------------------------------------------------------------------
The Cryptography Mailing List