AES cache timing attack
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Jun 17 07:57:29 EDT 2005
hal at finney.org ("Hal Finney") writes:
>Steven M. Bellovin writes:
>> Dan Bernstein has a new cache timing attack on AES:
>> http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
>This is a pretty alarming attack.
It is? Recovering a key from a server custom-written to act as an oracle for
the attacker? By this I don't even mean the timing-related stuff, but just
one that just acts as a basic encryption oracle. Try doing that with TLS or
SSH, you'll get exactly one unrelated packet back, which is the connection
shutdown message. So while it's a nice attack, section 15 should really be
simplified to:
Don't do that, then.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list