[Bodo Moeller <bodo at openssl.org>] OpenSSL Security Advisory: Timing-based attacks on SSL/TLS with CBC encryption
Matt Blaze
mab at research.att.com
Sat Feb 22 05:30:05 EST 2003
SMB writes:
> I'm struck by the similarity of this attack to Matt Blaze's master key
> paper. In each case, you're guessing at one position at a time, and
> using the response of the security system as an oracle. What's crucial
> in both cases is the one-at-a-time aspect -- that's what makes the
> attack linear instead of exponential.
There's nothing new under the sun; both attacks are more similar than
not to the classic Tenex page-alignment character-at-a-time password
guessing attack.
Speaking of which, does anyone have a good PRIMARY reference to that
I've been trying to track one down for the print version of my lock
paper, and all I can find is either secondary references (like countless
OS textbooks and random computer security papers) or papers that you'd
think would have the attack but turn out no to (like the recent
Multics retrospective paper). Where did the Tenex attack first
appear?
-matt
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list