Re: Time-Memory-Key tradeoff attacks?

2005-07-06 Thread D. J. Bernstein
(and, I think, more clearly) in my paper. My paper also analyzes the merits of various defenses against the attack. ---D. J. Bernstein, Associate Professor, Department of Mathematics, Statistics, and Computer Science, University of Illinois at Chicago

Re: Optimisation Considered Harmful

2005-06-25 Thread D. J. Bernstein
attacks. (Subsequent versions of the poly1305 paper report even more timing information but, for space reasons, have to compress the information into small graphs. Big tables are on the web.) ---D. J. Bernstein, Associate Professor, Department of Mathematics, Statistics, and Computer Science

Re: Protecting against the cache-timing attack.

2005-06-25 Thread D. J. Bernstein
undergraduate will figure out a remote exploit for a less extreme form of the effect. Section 13 of my paper discusses a solution to the interrupt problem, but that solution requires massive software changes. I'm not aware of simpler solutions. ---D. J. Bernstein, Associate Professor, Department

Re: AES cache timing attack

2005-06-20 Thread D. J. Bernstein
is considered to be a fatal flaw in a cryptographic standard. The user isn't supposed to have to worry that someone who influences part of the plaintext will be able to read all the rest. ---D. J. Bernstein, Associate Professor, Department of Mathematics, Statistics, and Computer Science