> This is a new attack, not the one Schneier was talking about. It's > very elegant work -- they actually implemented an attack that can > recover the long-term private key. The only caveat is that their > attack currently works on LANs, not WANs, because they need more > precise timing than is generally feasible over the Internet.
Hmmm... This means that it is safer for senior managers in a company to communicate using private ADSL Internet connections to their desktops rather than using a corporate LAN. Very interesting. Could IP Centrex be the wave of the future? Will ISPs offer random jitter insertion guarantees on such a service to foil people using timing attacks? --Michael Dillon
