An interesting new eprint on attacking AES using cache timings. It describes a weakness in the Linux completely fair scheduler that allows an attacker to gain a lot of information about the victim's cache accesses.
"Cache Games - Bringing Access Based Cache Attacks on AES to Practice" Endre Bangerter and David Gullasch and Stephan Krenn http://eprint.iacr.org/2010/594 What are people's thoughts on these kinds of local cache attacks, in terms of actual systems security? While obviously very powerful, I tend to think that once you have a focused attacker in an unprivledged account on your machine, you have bigger problems than losing your AES keys (maybe Midori or Coyotos or L4 will fix this someday). -Jack _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
