From: “Jonathan M. Bresler” <jmb@FreeBSD.ORG>
To: Hal <hfinney@shell.portal.com>
Message Hash: 8984dcd7636a00a0d6eb47b65e3ecc04f835ec23e05073da52fc8593faf436d2
Message ID: <Pine.BSF.3.91.951216181017.28505B-100000@Aspen.Woc.Atinc.COM>
Reply To: <199512151457.GAA27245@jobe.shell.portal.com>
UTC Datetime: 1995-12-17 00:01:27 UTC
Raw Date: Sun, 17 Dec 1995 08:01:27 +0800
From: "Jonathan M. Bresler" <jmb@FreeBSD.ORG>
Date: Sun, 17 Dec 1995 08:01:27 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: kocher's timing attack
In-Reply-To: <199512151457.GAA27245@jobe.shell.portal.com>
Message-ID: <Pine.BSF.3.91.951216181017.28505B-100000@Aspen.Woc.Atinc.COM>
MIME-Version: 1.0
Content-Type: text/plain
On Fri, 15 Dec 1995, Hal wrote:
> As Kocher's paper implies, the known ciphertext attack is a TIMING
> attack. Simply accumulating known text/signature pairs as you would have
> after a "key signing party" does not help. You must know exactly how
> much time each signature took.
how to use a timing attack? across a network? on the same host
(therefore multiuser)? or on a dedicated host, with a know algorithm
and known ciphertext running DOS (no kernel or anything to preempt the
process)? using the famous appendix H registers of a 586 allows you to
time the processing of instructions very well.
dont have to know how long it takes to encrypt ahead of time.
walk the key bit by bit (ouch bad pun) guessing 1 or 0 each time and
looking to see if the correlations continue to appear or not. horrendous
problem, but a lot better than brute force.
i really need to read the final paper when it is issued.
jmb
Jonathan M. Bresler FreeBSD Postmaster jmb@FreeBSD.ORG
play go. ride bike. hack FreeBSD.--ah the good life
i am moving to a new job. PLEASE USE: jmb@FreeBSD.ORG
Return to December 1995
Return to ““Jonathan M. Bresler” <jmb@FreeBSD.ORG>”