Jerrold Leichter <[EMAIL PROTECTED]> writes:
> Usage in first of these may be subject to Bernstein's attack. It's much
> harder to see how one could attack a session key in a properly implemented
> system the same way. You would have to inject a message into the ongoing
> session.
I gave an example yesterday. Perhaps you didn't see it.

The new 802.11 wireless security protocols encrypt the on-air portion of communications, and are typically attached to Ethernet bridges. If you want to, you can send any packet you like at an arbitrary box on the wireless segment from the main network, and have the wireless router act as a fine quality oracle for you for the AES key being used on air.

It would be possible, though perhaps less convenient (since it would require tapping rather than just listening) to do something similar to a wide variety of VPN protocols.

> However, if the protocol authenticates its messages, you'll never
> get any response to an injected message.

You don't need to in the above instances. You just need to be able to inject.

People like to downplay the impact of attacks like this, but there are just too many scenarios "one didn't think of" in the security universe. Doubtless some other usage cases may get badly bitten by AES side channel attacks.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
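The bridge-as-oracle scenario above, worked through as an added simulation that is not part of the original message and is not code from any real 802.11 implementation. The model is: a bridge AES-encrypts every frame it receives on the wired side and puts it on the air; an attacker who can inject on the wire and sniff the air learns, for each chosen plaintext, how long the bridge took, without ever receiving a reply. Following Bernstein's approach, the attacker first profiles an identical bridge whose key they know, then correlates that profile against the victim. Everything here is constructed for the example: the per-cache-line cost table standing in for the first-round T-table lookups, the noise model, the assumed ability to run a profiling bridge with a known key, and both keys.

```python
"""
Constructed simulation of a Bernstein-style remote timing attack against a
bridge that AES-encrypts injected frames. Not real AES and not real cache
timing: only the first-round table index p[i] ^ k[i] leaks, at cache-line
granularity, and everything else is modelled as Gaussian noise.
"""
import random

# Assumed cache model: a 256-entry, 4-byte-per-entry T-table occupies 16
# cache lines of 16 entries each, and each line has a fixed extra access
# cost. Real hardware leaks far less cleanly than this fixed table.
LINE_COST = [12, 31, 7, 44, 19, 3, 58, 26, 15, 37, 9, 50, 22, 41, 5, 33]
BASE_LATENCY = 500.0   # fixed forwarding cost; cancels out in the comparison

KNOWN_KEY = bytes(range(16))                                       # attacker's own bridge
TARGET_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")     # victim's on-air key


def observe_bridge(key, plaintext, rng):
    """Latency between injecting `plaintext` on the wire and sniffing it on air.

    The attacker gets no response frame; the measurement is purely the gap
    between its own send timestamp and the sniffed transmission. Only the
    first-round lookups T[p[i] ^ k[i]] contribute key-dependent time here.
    """
    t = BASE_LATENCY
    for p, k in zip(plaintext, key):
        t += LINE_COST[(p ^ k) >> 4]
    return t + rng.gauss(0.0, 30.0)


def collect(key, n, rng):
    """Inject n random 16-byte frames and record (plaintext, observed latency)."""
    samples = []
    for _ in range(n):
        pt = bytes(rng.getrandbits(8) for _ in range(16))
        samples.append((pt, observe_bridge(key, pt, rng)))
    return samples


def profile(samples, pos):
    """Mean latency as a function of the high nibble of plaintext byte `pos`.

    The other 15 bytes are uniformly random, so their contribution averages
    to the same constant for every key and drops out of the comparison.
    """
    total = [0.0] * 16
    count = [0] * 16
    for pt, t in samples:
        g = pt[pos] >> 4
        total[g] += t
        count[g] += 1
    return [total[g] / max(count[g], 1) for g in range(16)]


def recover_high_nibbles(known_key, known_samples, target_samples):
    """For each byte position, find the XOR shift d that best aligns the
    known-key profile with the target profile; the target's high nibble is
    then known_high ^ d. Because the leak is at cache-line granularity, the
    low nibble of each key byte is not determined by this round alone."""
    recovered = []
    for pos in range(16):
        pk = profile(known_samples, pos)
        pt = profile(target_samples, pos)
        best_d, best_err = None, None
        for d in range(16):
            err = sum((pk[g ^ d] - pt[g]) ** 2 for g in range(16))
            if best_err is None or err < best_err:
                best_d, best_err = d, err
        recovered.append((known_key[pos] >> 4) ^ best_d)
    return recovered


def run_attack(n=20000, seed=7):
    """Profile the known-key bridge, then the victim, and return the 16
    recovered high nibbles of the victim's key."""
    rng = random.Random(seed)
    known = collect(KNOWN_KEY, n, rng)
    target = collect(TARGET_KEY, n, rng)
    return recover_high_nibbles(KNOWN_KEY, known, target)


if __name__ == "__main__":
    got = run_attack()
    print("recovered high nibbles:", got)
    print("actual high nibbles:   ", [b >> 4 for b in TARGET_KEY])
```

The point the simulation makes is the one in the message: the oracle is built from injection plus passive listening, and nothing the bridge does with authentication on the far side changes the timing of the encryption it performs on the way out. The caveats a practitioner should keep in mind are that this toy leaks only half of each key byte from the first round, that a real attack needs many more samples to overcome network and scheduling jitter, and that Bernstein's full attack recovers the remaining bits from later rounds and from effects this fixed cost table does not model.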