From: Simon Spero <ses@tipper.oit.unc.edu>
To: Jeff Weinstein <jsw@netscape.com>
Message Hash: 017d2a465f26d459d709a0978271458f0e7b3375f87edf61b199471c4e8b43b3
Message ID: <Pine.SUN.3.91.951212104716.29421B-100000@tipper.oit.unc.edu>
Reply To: <30CC0D31.293C@netscape.com>
UTC Datetime: 1995-12-12 16:56:02 UTC
Raw Date: Wed, 13 Dec 1995 00:56:02 +0800
Subject: Re: Timing Cryptanalysis Attack
On Mon, 11 Dec 1995, Jeff Weinstein wrote:
>
> While an exploit of this attack against our software has not
> been demonstrated, and there is some debate about whether it
> will even work, we are taking it very seriously. We've been
> working with Paul to develop a fix, which we will implement
> even if the attack is never proven effective against our software.
>
My gut & scribble-on-the-back-of-a-napkin feeling about this class of
attack is that it could be a problem for smartcards (almost certainly),
and possibly for non-routed networks (possibly - napkin was too small
:-), but is not going to be viable on internetworks where routers are in
use; if a packet enters a queue at any point in its path, then the
transit time will be quantised by the time it drains the queue, which is
basically controlled by the time it takes to drain previously queued
packets; this will destroy any microsecond level correlations that may
have been leaked. Ron is supposed to be doing a presentation at WWW IV
later this week - hopefully he'll give his opinion on this.

Definitely a really neat hack, even if it isn't always practical.

Simon

p.s.
Someone mentioned adding random timings instead of padding out to a
constant time. This won't work (adding noise doesn't destroy a signal -
just increases the effort needed to isolate it)
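
The contrast drawn in the p.s., random delay versus padding to a constant time, as an added simulation that is not part of the original message. The 100/102 microsecond timings, the 50 microsecond jitter width, the 200 microsecond deadline and all function names are constructed assumptions.

```python
import random
import statistics

# Constructed numbers (assumptions, not from the thread): an operation takes
# 100 us when a secret-dependent step is skipped and 102 us when it runs.
BASE_US, LEAK_US = 100.0, 2.0
MAX_JITTER_US = 50.0   # width of the random-delay mitigation
PAD_TO_US = 200.0      # fixed deadline for the constant-time mitigation


def raw_time(secret_bit):
    return BASE_US + (LEAK_US if secret_bit else 0.0)


def with_random_delay(secret_bit, rng):
    # Mitigation A: add uniform noise on top of the real work.
    return raw_time(secret_bit) + rng.uniform(0.0, MAX_JITTER_US)


def padded_to_constant(secret_bit, rng):
    # Mitigation B: always answer at the same deadline (rng unused).
    return max(raw_time(secret_bit), PAD_TO_US)


def observed_gap(respond, samples, seed=1995):
    """Difference of mean response times between the two secret values."""
    rng = random.Random(seed)
    slow = statistics.fmean(respond(1, rng) for _ in range(samples))
    fast = statistics.fmean(respond(0, rng) for _ in range(samples))
    return slow - fast


def samples_to_resolve(noise_sd, gap, z=4.0):
    """Samples per class so the gap equals z standard errors of the difference."""
    return int(2 * (z * noise_sd / gap) ** 2) + 1


if __name__ == "__main__":
    # Averaging washes out the jitter: the estimate converges on LEAK_US,
    # while the padded responder shows no gap at any sample count.
    for n in (10, 1_000, 200_000):
        print(n, round(observed_gap(with_random_delay, n), 3),
              observed_gap(padded_to_constant, n))
    jitter_sd = MAX_JITTER_US / 12 ** 0.5  # std dev of uniform(0, 50)
    print("samples per class to resolve the leak:",
          samples_to_resolve(jitter_sd, LEAK_US))
```

Doubling the jitter width only quadruples the number of samples needed, whereas padding removes the dependence on the secret altogether, provided the deadline is never exceeded.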