1995-12-11 - Timing Attacks

Header Data

From: “Rev. Ben” <samman-ben@CS.YALE.EDU>
To: Den of CryptoAnarchists <cypherpunks@toad.com>
Message Hash: d59b7c8c560fc59855ba54b09796aab77e450e11161ea75bfb7ffcc451c90486
Message ID: <Pine.A32.3.91.951211141205.26486F-100000@FROG.ZOO2.CS.YALE.EDU>
Reply To: N/A
UTC Datetime: 1995-12-11 22:14:36 UTC
Raw Date: Tue, 12 Dec 1995 06:14:36 +0800

Raw message

From: "Rev. Ben" <samman-ben@CS.YALE.EDU>
Date: Tue, 12 Dec 1995 06:14:36 +0800
To: Den of CryptoAnarchists <cypherpunks@toad.com>
Subject: Timing Attacks
Message-ID: <Pine.A32.3.91.951211141205.26486F-100000@FROG.ZOO2.CS.YALE.EDU>
MIME-Version: 1.0
Content-Type: text/plain


I'm not so sure I see the great usefulness of this attack.

I've taken a cursory glance at Mr. Kocher's paper on-line and what it 
comes down to essentially, if I undestand it correctly, is that you need 
to be as sure of the timing as you can be.

Now, on a distributed system, you can't measure those timings, because 
any latency  could come from the originating computer, the links in the 
middle or any combination of them.

Also precise timings can be limited by fluctuating load averages amongst 
other things in a time-sharing computing environment.  While this might 
work in a lab, with the current advances in computing speed, the 
differences between a fast and a slow calculation can easily be opaqued 
by network lag.

Am I missing something, or does this attack only work in a lab?


Ben.
____
Ben Samman..............................................samman@cs.yale.edu
"If what Proust says is true, that happiness is the absence of fever, then
I will never know happiness. For I am possessed by a fever for knowledge,
experience, and creation."                                      -Anais Nin
PGP Encrypted Mail Welcomed      Finger samman@powered.cs.yale.edu for key







Thread