Re: [cryptography] AES side channel attack using a weakness in the Linux scheduler
On Wed, Nov 24, 2010 at 3:20 PM, coderman coder...@gmail.com wrote: On Wed, Nov 24, 2010 at 8:26 AM, Jack Lloyd ll...@randombit.net wrote: An interesting new eprint on attacking AES using cache timings Cache Games - Bringing Access Based Cache Attacks on AES to Practice Endre Bangerter and David Gullasch and Stephan Krenn http://eprint.iacr.org/2010/594 What are people's thoughts on these kinds of local cache attacks, in terms of actual systems security? good reasons to use a hardware AES implementation like AES-NI or XCRYPT. Or OpenSSL 1.0 which is immune (the paper references 0.9.8n and says 1.0 is immune). -Michael Heyman ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] AES side channel attack using a weakness in the Linux scheduler
On 25/11/10 3:26 AM, Jack Lloyd wrote: What are people's thoughts on these kinds of local cache attacks, in terms of actual systems security? While obviously very powerful, I tend to think that once you have a focused attacker in an unprivledged account on your machine, you have bigger problems than losing your AES keys (maybe Midori or Coyotos or L4 will fix this someday). Yes. I would call this a medium security architecture, no more. Anything that allows an attacker that close to a machine can't be considered to be hi-sec. Another giveaway for med-sec is using a random selection of letters for your security model... So if you've decided that you're only doing a medium security system then it's probably likely that you have not done a full analysis, and can easily accept the esoteric risk of a cache attack. iang PS: Didn't one of the authors of Rijdael write a toungue-in-cheek paper revealing a timing attack on AES? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography