AES cache timing attack

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Jun 17 07:57:29 EDT 2005


hal at finney.org ("Hal Finney") writes:
>Steven M. Bellovin writes:
>> Dan Bernstein has a new cache timing attack on AES:
>>       http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
>This is a pretty alarming attack.

It is?  Recovering a key from a server custom-written to act as an oracle for
the attacker?  By this I don't even mean the timing-related stuff, but just
one that acts as a basic encryption oracle.  Try doing that with TLS or
SSH and you'll get exactly one unrelated packet back, which is the connection
shutdown message.  So while it's a nice attack, section 15 should really be
simplified to:

  Don't do that, then.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List