1995-12-13 - Re: Timing Cryptanalysis Attack

Header Data

From: anon-remailer@utopia.hacktic.nl (Anonymous)
To: cypherpunks@toad.com
Message Hash: 79b2c305401456637a383534f604352d0cc9396f0924601e45c3ca4b7d606a16
Message ID: <199512120058.BAA25991@utopia.hacktic.nl>
Reply To: N/A
UTC Datetime: 1995-12-13 03:33:35 UTC
Raw Date: Wed, 13 Dec 1995 11:33:35 +0800

Raw message

From: anon-remailer@utopia.hacktic.nl (Anonymous)
Date: Wed, 13 Dec 1995 11:33:35 +0800
To: cypherpunks@toad.com
Subject: Re: Timing Cryptanalysis Attack
Message-ID: <199512120058.BAA25991@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



"Perry E. Metzger" <perry@piermont.com> writes:

 > Timings like the ones listed are trivial to take in
 > establishing things like SSL sessions, or Photuris sessions.
 > The danger is to online protocols, not to PGP.

This must be a new and interesting definition of the word
"trivial" with which I was previously unfamiliar.

Quite frankly, I would be extremely surprised if anyone mounted a
successful hostile attack against a server's RSA certificate
using timings of remotely initiated SSL sessions outside of a
controlled laboratory environment.

"Timing Cryptanalysis" is one of those really cute "obvious with
20-20 hindsight" discoveries, but not one which is likely to be
reliably employed by an opponent except under very carefully
controlled circumstances.

Peter Trei and others have already outlined excellent reasons for
such skepticism, so I won't bother rehashing them here.

 > Any reason you felt you had to say this anonymously?

Yes.  I wanted to try the nifty WWW-based remailer at
http://www.replay.com/remailer/anon.html.  Also, it's nice to
have a pseudo-anonymous identity now that government regulation
of the Net is looming on the horizon. Feel free to compare my
writing style, margins, and quote string with other posts on the
list in order to determine my likely "real life" identity.

                                      -Bourbaki 137







