AES sidechannel attack by Osvik/Shamir/Tromer
Werner Koch
wk at gnupg.org
Mon Nov 21 18:54:41 CET 2005
On Mon, 21 Nov 2005 12:54:54 +0100, Moritz Muehlenhoff said:
> there's a paper by Osvik, Shamir and Tromer that discusses local
> side channel attacks on cache access times of AES tables:
> http://www.wisdom.weizmann.ac.il/~tromer/papers/cache.pdf
Not sure whether I read that paper, but these attacks on AES are based
on the assumption that there exists an oracle with a huge bandwidth.
Anyone implementing a cryptographic application and allowing for an
oracle is plain stupid.
Regarding local attacks: Using private keys on a multi-user machine is
not a good idea at all. Root will be able to compromise any key (not
just AES session keys but all public key operations) and further,
there are far too many local system exploits that it is definitely
easier to gain root than to mount complicated timing attacks.
Salam-Shalom,
Werner
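The standard software mitigation for the leak Moritz's message refers to (cache access times of AES lookup tables) is to stop the memory address from depending on secret data at all. The following is an added example written for this page; it is not code from the thread, from the paper, or from GnuPG/libgcrypt. It contrasts a direct table index (where the cache line touched is a function of the secret-derived index) with a lookup that reads every entry on every call and selects the wanted one with an arithmetic mask. The 16-entry table values and the function names are constructed for the demonstration; a real AES implementation would apply the same scan to its 256-entry S-box or its T-tables.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 16-entry sample table (arbitrary values, not the AES S-box). */
static const uint8_t SAMPLE_TABLE[16] = {
    0x3a, 0x91, 0x07, 0xc4, 0x5e, 0xd2, 0x18, 0xaf,
    0x66, 0xb9, 0x0c, 0xe7, 0x21, 0x7d, 0x44, 0xf0
};

/* Leaky form: the address read, and so the cache line touched and its
 * load latency, is a direct function of the secret-derived index. */
uint8_t table_lookup_direct(const uint8_t *table, uint8_t idx)
{
    return table[idx];
}

/* Constant-address form: every entry is read on every call, so the set of
 * cache lines touched does not depend on idx. The wanted entry is selected
 * with an all-ones/all-zeros mask computed arithmetically, not by a branch. */
uint8_t table_lookup_ct(const uint8_t *table, size_t n, uint8_t idx)
{
    uint8_t result = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t diff = (uint32_t)(i ^ idx);
        /* eq is 1 exactly when diff == 0 (diff - 1 wraps to 0xFFFFFFFF). */
        uint32_t eq = (diff - 1u) >> 31;
        uint8_t mask = (uint8_t)(0u - eq);   /* 0xFF when i == idx, else 0x00 */
        result |= table[i] & mask;
    }
    return result;
}

/* Checks that the constant-address lookup agrees with the direct lookup on
 * every index of the sample table; returns 1 on agreement, 0 otherwise. */
int ct_matches_direct(void)
{
    for (unsigned idx = 0; idx < 16; idx++) {
        if (table_lookup_ct(SAMPLE_TABLE, 16, (uint8_t)idx)
            != table_lookup_direct(SAMPLE_TABLE, (uint8_t)idx))
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("lookups agree on all indices: %s\n",
           ct_matches_direct() ? "yes" : "no");
    return 0;
}
```

The scan costs n reads instead of one, which is why real implementations prefer bitsliced or hardware (AES-NI) code paths where available. When using the masked scan, check the compiler's output: an optimizer may turn the mask back into a conditional branch or hoist the loop, which would reintroduce a data-dependent access pattern.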