[Cryptography] "We need crypto code training" and other obviosities.
Jerry Leichter
leichter at lrw.com
Sat Oct 24 15:06:53 EDT 2015
> One BIG issue in crypto code is side channel attacks, and no matter
> how good a programmer you are, you aren't going to code for side
> channel attacks because it intentionally makes your program slower...
>
> GCM for example will leak like a sieve if you use an 8bit lookup
> table, which is the best/fastest way to implement it on modern
> systems...
The view that side-channel attacks are *crypto* problem is like the FIPS approach to certification: Draw your boundaries, say "all the important stuff is inside this box I made up", show that the stuff inside is secure, and bam - you've got certification. The fact that stuff outside the box is sending all your cleartext to some unknown location on the Internet is just declared out of bounds.
The side-channel attacks we've seen concentrate on the crypto because that's code shared by many applications that deal in sensitive data, so attacking it gets you a great deal of bang for the buck. It also gets you bragging and publication rights.
I don't recall seeing any publications on power-analysis or timing-analysis or other such attacks against the functional code of any application. You know, the stuff that actually works on the "red" data directly.
If anyone is exploiting side-channel attacks in the real world - given all the simpler attacks available, it's not clear anyone needs to bother - I'll bet they're going against the soft underbelly - the vast bulk of code that does the actual work, with no one looking closely at it to see if it's vulnerable.
-- Jerry
More information about the cryptography
mailing list