Timing attacks, Twofish housekeeping

Werner Koch wk at gnupg.org
Mon Sep 23 12:23:01 CEST 2002

On Sun, 22 Sep 2002 22:13:23 -0400 (EDT), mskala  said:

> So I wanted to ask the list: are timing attacks an issue for us at
> all?  How much effort is it worth to eliminate them?

I don't hink that this is a problem for a software only
implementation.  On a multi-user machine it won't be easy to time an
application of another user.  Root can do so but well, there are far
easier things he can do.

If the code is used without GnuPG, for example in a TCP stack, there
is of course a small risk that one could mount a timing attack.  I
don't think that this is very likley.



More information about the Gnupg-devel mailing list