1995-12-11 - Re: Timing Cryptanalysis Attack

Header Data

From: "Perry E. Metzger" <perry@piermont.com>
To: Eric Young <eay@mincom.oz.au>
Message Hash: 0e10ee1fb57b984492d7de22e2d037bbf4c929656004830cb98ec2b0422a3d38
Message ID: <199512111813.NAA02194@jekyll.piermont.com>
Reply To: <Pine.SOL.3.91.951211192419.28608P-100000@orb>
UTC Datetime: 1995-12-11 22:50:02 UTC
Raw Date: Tue, 12 Dec 1995 06:50:02 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 12 Dec 1995 06:50:02 +0800
To: Eric Young <eay@mincom.oz.au>
Subject: Re: Timing Cryptanalysis Attack
In-Reply-To: <Pine.SOL.3.91.951211192419.28608P-100000@orb>
Message-ID: <199512111813.NAA02194@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain

Eric Young writes:
> Read the SKIP spec (SKIP is Sun's IP level encryption protocol).  It uses
> Diffie-Hellman certificates.

Photuris, which likely will be the standard way to do this sort of
thing on top of IPsec, also suffers from the problem, but I suspect
the next version of the draft (number 9) will have it fixed.

More interesting is the fact that a number of NSA vetted protocols
seem to have the flaw. Obviously, they either didn't know or didn't
say anything about it to the folks designing such stuff...

Perry
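The "problem" above is the timing attack named in the subject line: a Diffie-Hellman certificate binds a long-term private exponent to an identity, so every exchange exponentiates a peer value with the same secret, and an attacker who can time those exponentiations gets unlimited measurements of one key. The following is an added illustration (not code from this message, from SKIP or from Photuris; the modulus P, generator G, the 24-bit secret and all function names are constructed for the demo) of why a square-and-multiply loop that branches on exponent bits leaks the exponent, and how a Montgomery ladder fixes the operation-count leak. The model hands the attacker the per-iteration operation sequence, which is a stronger observation than the whole-exponentiation times Kocher's attack works from statistically; the root cause and the fix are the same.

```python
"""Timing-channel model for a reused (long-term) Diffie-Hellman secret.

Added example, not code from the original thread or from SKIP/Photuris.
P, G and the exponents are toy values so the demo runs instantly; real
DH parameters are far larger.
"""
import random

# Constructed toy parameters (not a real DH group).
P = 2**61 - 1   # a Mersenne prime used only as a demonstration modulus
G = 3


def modexp_naive(base, exp, mod):
    """Left-to-right square-and-multiply with a branch on every exponent bit.

    Returns (result, trace). The trace holds one 'S' per squaring and one
    'M' per multiplication; the multiplication runs only for 1-bits, so the
    operation sequence (and therefore the running time) depends on exp.
    """
    result = 1
    trace = []
    for i in range(exp.bit_length() - 1, -1, -1):
        result = (result * result) % mod
        trace.append("S")
        if (exp >> i) & 1:
            result = (result * base) % mod
            trace.append("M")
    return result, "".join(trace)


def modexp_ladder(base, exp, mod):
    """Montgomery ladder: one multiply and one square per bit, for either bit value.

    Invariant: r1 == r0 * base. The operation sequence is fixed by the
    exponent's bit length alone. (A production version must also select
    registers with a constant-time conditional swap and use constant-time
    multiplication; the ladder removes only the operation-count leak.)
    """
    r0, r1 = 1, base % mod
    trace = []
    for i in range(exp.bit_length() - 1, -1, -1):
        if (exp >> i) & 1:
            r0 = (r0 * r1) % mod
            r1 = (r1 * r1) % mod
        else:
            r1 = (r0 * r1) % mod
            r0 = (r0 * r0) % mod
        trace.append("MS")   # multiply then square, whatever the bit was
    return r0, "".join(trace)


def recover_exponent(trace):
    """Read an exponent back from a square-and-multiply trace.

    Each 'S' opens a new bit (value 0); an 'M' right after it sets that
    bit to 1. Applied to a ladder trace this yields a value unrelated to
    the secret, because the ladder emits the same pattern for every bit.
    """
    exp = 0
    for op in trace:
        if op == "S":
            exp <<= 1
        elif op == "M":
            exp |= 1
        else:
            raise ValueError("unexpected op %r" % op)
    return exp


def attack_long_term_key(secret, modexp, sessions=4, seed=1):
    """Model of a DH certificate: one private exponent reused across sessions.

    Each session exponentiates a fresh peer public value with the same
    secret. Returns (exponent recovered from the first session's trace,
    whether every session produced the identical trace). With an ephemeral
    exponent each trace would leak a different secret instead.
    """
    rng = random.Random(seed)
    peer_publics = [rng.randrange(2, P - 1) for _ in range(sessions)]   # constructed inputs
    traces = [modexp(y, secret, P)[1] for y in peer_publics]
    return recover_exponent(traces[0]), all(t == traces[0] for t in traces)


if __name__ == "__main__":
    secret = 0xABCDEF   # constructed 24-bit private exponent
    for name, fn in (("square-and-multiply", modexp_naive), ("ladder", modexp_ladder)):
        recovered, same = attack_long_term_key(secret, fn)
        print("%-20s recovered=%#x correct=%s traces_identical=%s ops=%d"
              % (name, recovered, recovered == secret, same, len(fn(G, secret, P)[1])))
```

The operation count of the naive loop is bit_length plus the number of 1-bits, so even the coarsest measurement (total time) leaks the Hamming weight of the secret; the ladder always performs two operations per bit. Kocher's remote attack recovers the individual bits from total times by guessing them one at a time and checking which guess reduces the variance of the unexplained time across many samples, which is exactly what a long-term secret supplies and an ephemeral one does not.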
