
Re: Matt Blaze: Paul Kocher's timing attack




"William Allen Simpson" writes:
> > From: "Perry E. Metzger" <perry@piermont.com>
> > ------- Forwarded Message
> > The attack requires only a few thousand ciphertext samples and works
> > against most implementations of public-key cryptosystems in which
> > the attacker can measure accurately the target's computation time for
> > each sample.
> >
> This will be fixed in Photuris by dithering the return time of the
> Identification_Message.  A few extra milliseconds on top of a second
> won't be a problem.  Thanks for bringing this up!

Actually, it might be better to determine the length of time the
maximal computation takes and to assure (by checking the time before
and after the computation, and then sleeping for a moment) that all
computations appear to take the same amount of time to an outsider.


Perry
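
An added illustration of the two mitigations discussed in this thread, not code from Photuris or from either poster: `run_padded` implements the fixed-time approach (time the computation, then sleep out the rest of a budget), and `mean_gap` compares it with random dithering on a virtual clock. The 1-second budget, the 5 ms dither, the two computation costs and all function names are assumptions chosen for the example.

```python
import random
import statistics
import time


def run_padded(compute, budget_s, clock=time.monotonic, sleep=time.sleep):
    """Run compute(), then sleep until budget_s has passed since the start.

    Returns (result, overran); overran=True means compute() exceeded the
    budget, so the response time was not masked and the budget is too small.
    """
    start = clock()
    result = compute()
    remaining = budget_s - (clock() - start)
    if remaining > 0:
        sleep(remaining)
    return result, remaining < 0


class FakeClock:
    """Virtual clock (constructed) so the comparison below is deterministic."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def observed_time(work_s, mode, rng, budget_s=1.0, max_dither_s=0.005):
    """Response time an outside observer sees for an operation costing work_s."""
    clk = FakeClock()
    if mode == "dither":  # random extra delay added after the work
        clk.advance(work_s + rng.uniform(0.0, max_dither_s))
    else:  # "pad": fixed budget covering the maximal computation
        run_padded(lambda: clk.advance(work_s), budget_s, clock=clk, sleep=clk.advance)
    return clk.now


def mean_gap(mode, samples=4000, seed=1):
    """Gap in mean observed time between two secret-dependent costs (constructed)."""
    rng = random.Random(seed)
    fast = [observed_time(0.9990, mode, rng) for _ in range(samples)]
    slow = [observed_time(0.9995, mode, rng) for _ in range(samples)]
    return statistics.mean(slow) - statistics.mean(fast)
```

With these constructed values, `mean_gap("dither")` stays near the underlying 0.5 ms difference after averaging, while `mean_gap("pad")` is zero. An `overran` result from `run_padded` signals that the budget is below the maximal computation time and must be raised.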

