> I read the paper James suggested, and it advocates achieving constant
> time to solve timing attacks. How about doing the opposite, injecting
> random duration no-ops in the decryption code?

That doesn't solve the problem. It makes an attacker’s job harder, but by making more requests and applying statistics the attacker can remove the effect of the random-duration no-ops. And it slows your code down.

-- James Manger

>> Take a look at http://www.imperialviolet.org/2013/02/04/luckythirteen.html
>> for some idea about the care required to actually resist timing attacks.
>> The Go language appears to have code with decent protections to avoid
>> leaking crucial timing details:
>> http://golang.org/src/pkg/crypto/rsa/pkcs1v15.go.

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
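
The statistical point made in the reply above, as an added simulation that is not part of the original thread. Durations are modelled numbers rather than measurements of any real implementation, and `LEAK`, `JITTER_MAX` and all function names are assumptions chosen for illustration.

```python
import random

LEAK = 5.0          # assumed secret-dependent time difference (arbitrary units)
JITTER_MAX = 100.0  # assumed maximum injected random delay (same units)
SIGMA = JITTER_MAX / 12 ** 0.5  # std deviation of uniform(0, JITTER_MAX)


def simulated_duration(rng, slow_path, constant_time):
    """Modelled duration of one decryption call; no real crypto or clock is used."""
    if constant_time:
        work = 100.0 + LEAK                       # same work on every input
    else:
        work = 100.0 + (LEAK if slow_path else 0.0)
    return work + rng.uniform(0.0, JITTER_MAX)    # random-duration no-ops


def mean_gap(n, constant_time=False, seed=1):
    """Mean duration of the slow input class minus the fast one, n samples each."""
    rng = random.Random(seed)
    slow = sum(simulated_duration(rng, True, constant_time) for _ in range(n)) / n
    fast = sum(simulated_duration(rng, False, constant_time) for _ in range(n)) / n
    return slow - fast


def standard_error(n):
    """Noise left in mean_gap after averaging n samples per class."""
    return SIGMA * (2.0 / n) ** 0.5


def samples_for(z):
    """Samples per class until LEAK stands z standard errors above the noise."""
    return int(2 * (z * SIGMA / LEAK) ** 2) + 1


if __name__ == "__main__":
    for n in (10, 1_000, 200_000):
        print(f"n={n:>7}  jitter only: {mean_gap(n):7.2f}  "
              f"constant time: {mean_gap(n, True):7.2f}  noise ±{standard_error(n):.2f}")
    print("samples per class for a 5-sigma signal:", samples_for(5))
```

With jitter alone the averaged gap settles on `LEAK` as `n` grows, and a larger `JITTER_MAX` only raises the required sample count with its square; in the constant-time branch the gap stays at zero however many samples are averaged.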
