[Cryptography] Maybe those million-bit-key cryptosystems have something to offer after all....

Tom Mitchell mitch at niftyegg.com
Sun Jul 29 01:38:50 EDT 2018


On Sat, Jul 28, 2018 at 4:05 AM, Jerry Leichter <leichter at lrw.com> wrote:

> A common theme of amateurish or over-hyped cryptosystems - at least a
> couple of years back; this seems to have faded - was the use of super-long
> keys for "higher security".  Realistically, all a longer key gives you is
> security against brute force attack, and 256 bits is already way beyond
> anything that can be attacked by any foreseeable technology.  And yet....
>
> Consider https://arstechnica.com/gadgets/2018/07/new-spectre-attack-enables-secrets-to-be-leaked-over-a-network/
> (contains link to the
> technical paper) which describes a Spectre-like attack that can be carried
> out over a network, without downloading any code to the system under
> attack.  It's one of a class of slow side-channel attacks - very slow; 1-3
> bits per hour attacking a system in the Google Cloud over the Internet.
> (They got it up to a bit per minute over a local network.
>

There needs to be a revision or footnote to "Covert Channel Analysis"
(light pink of the rainbow series).
The assumption is that data is data, but this makes a special case for much
lower bit rates from Spectre-like mitigation fixes where high-value keys
might reside. Leveraged asymmetric attacks...

https://fas.org/irp/nsa/rainbow/tg030.htm  <-- light pink
"This policy allows for the existence of storage channels that are not
auditable. Also, it allows for the possibility that covert storage and
timing channels with bandwidths over B = 1 bit/second will exist in secure
systems. However, the suggested values of b = 0.1 bits/second and B = 1
bit/second are not justified based on any specific policy. The only basis
for deriving these values is the determination that:

   - "Covert channel handling may impose performance penalties, and that
   bandwidths of 1 bit/second are acceptable in most environments; and
   - "Although covert channels with bandwidth of over 1 bit/second may be
   allowed in a secure system, covert channels with bandwidths of over 100
   bits/second approximate the rate at which many (old) computer terminals are
   run (or users can type). Therefore, the existence of such channels in a
   secure computer system would seem inappropriate."





-- 
  T o m    M i t c h e l l