[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kocher's timing attack

To: Hal <[email protected]>
Subject: Re: kocher's timing attack
From: "Jonathan M. Bresler" <[email protected]>
Date: Sat, 16 Dec 1995 18:15:42 -0500 (EST)
Cc: [email protected], [email protected]
In-Reply-To: <[email protected]>
Sender: [email protected]

On Fri, 15 Dec 1995, Hal wrote:

> As Kocher's paper implies, the known ciphertext attack is a TIMING
> attack.  Simply accumulating known text/signature pairs as you would have
> after a "key signing party" does not help.  You must know exactly how
> much time each signature took.

	how to use a timing attack?  across a network?  on the same host 
(therefore multiuser)?   or on a dedicated host, with a know algorithm 
and known ciphertext running DOS (no kernel or anything to preempt the 
process)?   using the famous appendix H registers of a 586 allows you to 
time the processing of instructions very well.

	dont have to know how long it takes to encrypt ahead of time.  
walk the key bit by bit (ouch bad pun) guessing 1 or 0 each time and 
looking to see if the correlations continue to appear or not.  horrendous 
problem, but a lot better than brute force.

	i really need to read the final paper when it is issued.

jmb

Jonathan M. Bresler        FreeBSD Postmaster         [email protected]
play go. ride bike. hack FreeBSD.--ah the good life 
i am moving to a new job.                 PLEASE USE: [email protected]

References:
- Re: kocher's timing attack
  - From: Hal <[email protected]>

Prev by Date: Re: Motorola Secure Phone
Next by Date: taking electronic privacy into our own hands
Prev by thread: Re: kocher's timing attack
Next by thread: Digital Sigs and the Bar Committee
Index(es):
- Date
- Thread