1995-12-12 - Re: Timing Cryptanalysis Attack

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: cypherpunks@toad.com
Message Hash: f08bfb8b58d3fa271b6baab5e96b78df7a43a1969e3ff776d9a67227fd428b69
Message ID: <199512121306.IAA02006@jekyll.piermont.com>
Reply To: <199512120058.BAA25991@utopia.hacktic.nl>
UTC Datetime: 1995-12-12 13:06:37 UTC
Raw Date: Tue, 12 Dec 95 05:06:37 PST

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 12 Dec 95 05:06:37 PST
To: cypherpunks@toad.com
Subject: Re: Timing Cryptanalysis Attack
In-Reply-To: <199512120058.BAA25991@utopia.hacktic.nl>
Message-ID: <199512121306.IAA02006@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Anonymous writes:
> "Perry E. Metzger" <perry@piermont.com> writes:
> 
>  > Timings like the ones listed are trivial to take in
>  > establishing things like SSL sessions, or Photuris sessions.
>  > The danger is to online protocols, not to PGP.
> 
> This must be a new and interesting definition of the word
> "trivial" with which I was previously unfamiliar.
> 
> Quite frankly, I would be extremely surprised if anyone mounted a
> successful hostile attack against a server's RSA certificate
> using timings of remotely initiated SSL sessions outside of a
> controlled laboratory environment.

Go ahead and trust that no one can do it, then. Considering that NTP
can synch up clocks over the net with astonishing accuracy with
multiple probes, it would be hard to believe that you couldn't
similarly dramatically reduce the effects of network delays for the
purposes of mounting an attack on an RSA key, too.

However, if you don't believe it is possible, why, go ahead and ignore
it. Not my problem what you do.

Perry
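
The noise-reduction argument in the reply above, as an added simulation that is not part of the original e-mail: it applies an NTP-style minimum-delay filter to repeated probes and measures how often a small server-side timing difference survives the network jitter. The delay model (exponential queueing delay, 2 ms mean), the 50 µs difference and all function names are constructed assumptions; nothing here touches a network.

```python
import random

JITTER_MEAN_US = 2000.0  # assumed mean one-way queueing delay (constructed)


def probe(compute_us, rng):
    """One simulated round trip: server compute time plus random network delay."""
    return compute_us + rng.expovariate(1.0 / JITTER_MEAN_US)


def min_filter(compute_us, n, rng):
    """NTP-style filter: of n probes, keep the one with the lowest delay.

    Queueing delay only ever adds time, so the minimum of many samples
    converges on the fixed part of the round trip.
    """
    return min(probe(compute_us, rng) for _ in range(n))


def separation_rate(fast_us, slow_us, n, trials, seed=1995):
    """Fraction of trials where the filtered 'slow' estimate exceeds 'fast'.

    About 0.5 means the two operations are indistinguishable; about 1.0
    means the timing difference is fully visible through the jitter.
    """
    rng = random.Random(seed)
    hits = sum(
        min_filter(slow_us, n, rng) > min_filter(fast_us, n, rng)
        for _ in range(trials)
    )
    return hits / trials


if __name__ == "__main__":
    # Constructed figures: two code paths 50 us apart behind ~2 ms of jitter.
    for n in (1, 10, 200):
        rate = separation_rate(1000.0, 1050.0, n, trials=500)
        print(f"data-dependent timing, {n:>3} probes: {rate:.2f}")
    # Defender's view: with constant-time code the rate stays near 0.5
    # no matter how many probes are taken.
    print("constant-time, 200 probes:",
          separation_rate(1000.0, 1000.0, 200, trials=500))
```

In this model the jitter hides the difference only at low probe counts, while the constant-time case stays at chance at any count, which is why the fix belongs in the implementation rather than in reliance on network noise.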




