1995-12-12 - Re: Timing Cryptanalysis Attack

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: Matt Blaze <mab@crypto.com>
Message Hash: 5b7ee6c4bde08335de0e27a98222ed7209f5ca9def27bf70d0d506703212cb00
Message ID: <199512111944.OAA02490@jekyll.piermont.com>
Reply To: <199512111906.OAA01139@crypto.com>
UTC Datetime: 1995-12-12 21:53:55 UTC
Raw Date: Wed, 13 Dec 1995 05:53:55 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 13 Dec 1995 05:53:55 +0800
To: Matt Blaze <mab@crypto.com>
Subject: Re: Timing Cryptanalysis Attack
In-Reply-To: <199512111906.OAA01139@crypto.com>
Message-ID: <199512111944.OAA02490@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Matt Blaze writes:
> >The trivial way to handle this is simply to check user time with the
> >right system calls and make sure it always comes out the same with an
> >apropriate number of sleeps.
> 
> Of course, this works against a remote adversary, but not against one
> on the same machine who can look at actual CPU consumption (which doesn't
> increase when the target is blocked).

True enough, but using busy loops could handle that. However, I must
admit to being far more interested in handling the remote case
efficiently, especially given concerns people have about using
Photuris like systems on heavily pounded servers.

Perry

Thread

• Return to December 1995

• Return to “Adam Shostack <adam@lighthouse.homeport.org>”
• Return to “anon-remailer@utopia.hacktic.nl (Anonymous)”
• Return to “Black Unicorn <unicorn@schloss.li>”
• Return to “Eric Young <eay@mincom.oz.au>”
• Return to “fc@all.net (Dr. Frederick B. Cohen)”
• Return to “Jeff Weinstein <jsw@netscape.com>”
• Return to “Jim Gillogly <jim@acm.org>”
• Return to ““Josh M. Osborne” <stripes@va.pubnix.com>”
• Return to “Matt Blaze <mab@crypto.com>”
• Return to “Nathaniel Borenstein <nsb@nsb.fv.com>”
• Return to ““Perry E. Metzger” <perry@piermont.com>”
• Return to “Peter Monta <pmonta@qualcomm.com>”
• Return to “Simon Spero <ses@tipper.oit.unc.edu>”

• Return to “Tom Weinstein <tomw@netscape.com>”

• 1995-12-11 (Mon, 11 Dec 1995 17:12:49 +0800) - Timing Cryptanalysis Attack - anon-remailer@utopia.hacktic.nl (Anonymous)
  • 1995-12-11 (Mon, 11 Dec 1995 17:55:55 +0800) - Re: Timing Cryptanalysis Attack - Eric Young <eay@mincom.oz.au>
    • 1995-12-11 (Tue, 12 Dec 1995 06:50:02 +0800) - Re: Timing Cryptanalysis Attack - “Perry E. Metzger” <perry@piermont.com>
  • 1995-12-11 (Mon, 11 Dec 1995 18:27:46 +0800) - Re: Timing Cryptanalysis Attack - Tom Weinstein <tomw@netscape.com>
    • 1995-12-11 (Tue, 12 Dec 1995 05:04:23 +0800) - Re: Timing Cryptanalysis Attack - Eric Young <eay@mincom.oz.au>
    • 1995-12-11 (Tue, 12 Dec 1995 05:31:37 +0800) - Re: Timing Cryptanalysis Attack - “Perry E. Metzger” <perry@piermont.com>
      • 1995-12-11 (Tue, 12 Dec 1995 07:02:56 +0800) - Re: Timing Cryptanalysis Attack - Matt Blaze <mab@crypto.com>
        • 1995-12-12 (Tue, 12 Dec 1995 13:05:05 +0800) - Re: Timing Cryptanalysis Attack - Peter Monta <pmonta@qualcomm.com>
          • 1995-12-13 (Wed, 13 Dec 1995 22:33:48 +0800) - Re: Timing Cryptanalysis Attack - “Josh M. Osborne” <stripes@va.pubnix.com>
        • 1995-12-12 (Wed, 13 Dec 1995 05:53:55 +0800) - Re: Timing Cryptanalysis Attack - “Perry E. Metzger” <perry@piermont.com>
      • 1995-12-12 (Tue, 12 Dec 1995 14:01:08 +0800) - Re: Timing Cryptanalysis Attack - Tom Weinstein <tomw@netscape.com>
        • 1995-12-12 (Tue, 12 Dec 1995 14:55:20 +0800) - Re: Timing Cryptanalysis Attack - “Perry E. Metzger” <perry@piermont.com>
          • 1995-12-12 (Tue, 12 Dec 1995 11:25:32 +0800) - Re: Timing Cryptanalysis Attack - Tom Weinstein <tomw@netscape.com>
    • 1995-12-12 (Tue, 12 Dec 1995 14:37:57 +0800) - Re: Timing Cryptanalysis Attack - Peter Monta <pmonta@qualcomm.com>
  • 1995-12-11 (Tue, 12 Dec 1995 05:10:34 +0800) - Re: Timing Cryptanalysis Attack - Nathaniel Borenstein <nsb@nsb.fv.com>
    • 1995-12-12 (Wed, 13 Dec 1995 05:54:04 +0800) - Re: Timing Cryptanalysis Attack - Jim Gillogly <jim@acm.org>
      • 1995-12-12 (Wed, 13 Dec 1995 01:21:21 +0800) - Re: Timing Cryptanalysis Attack - Adam Shostack <adam@lighthouse.homeport.org>
        • 1995-12-12 (Wed, 13 Dec 1995 02:06:25 +0800) - Re: Timing Cryptanalysis Attack - fc@all.net (Dr. Frederick B. Cohen)
        • 1995-12-12 (Wed, 13 Dec 1995 04:31:34 +0800) - Re: Timing Cryptanalysis Attack - Adam Shostack <adam@lighthouse.homeport.org>
        • 1995-12-13 (Wed, 13 Dec 1995 17:31:54 +0800) - Re: Timing Cryptanalysis Attack - Tom Weinstein <tomw@netscape.com>
  • 1995-12-11 (Tue, 12 Dec 1995 05:53:30 +0800) - Re: Timing Cryptanalysis Attack - Jeff Weinstein <jsw@netscape.com>
    • 1995-12-12 (Tue, 12 Dec 1995 14:39:12 +0800) - Re: Timing Cryptanalysis Attack - Adam Shostack <adam@lighthouse.homeport.org>
      • 1995-12-12 (Tue, 12 Dec 1995 11:39:15 +0800) - Re: Timing Cryptanalysis Attack - Jeff Weinstein <jsw@netscape.com>
      • 1995-12-12 (Tue, 12 Dec 95 01:45:37 PST) - Re: Timing Cryptanalysis Attack - Black Unicorn <unicorn@schloss.li>
    • 1995-12-12 (Wed, 13 Dec 1995 00:56:02 +0800) - Re: Timing Cryptanalysis Attack - Simon Spero <ses@tipper.oit.unc.edu>
  • 1995-12-11 (Tue, 12 Dec 1995 06:50:11 +0800) - Re: Timing Cryptanalysis Attack - “Perry E. Metzger” <perry@piermont.com>