Though this issue is of keen interest to those of us concerned with
secure communications, it's only ancillary to firewalls. I'd
encourage those who want to pursue this further to frequent the
sci.crypt newsgroup.
But not 'till I get my last word in. ;-)
djj1 @ riffraff . osi . com (Derik Jarne x353-2490) wrote:
>It would seem that a random pause built into the source code that
>authenticates the key would truly throw off any timing attacks.
>(i.e. command qualifier for startup or some formula based on system
> clock).
I'm not qualified to follow all the math in the paper myself (despite
Prof. Trimble's best efforts. ;-) But the gist is quite clear,
including the part that says:
    Random delays added to the processing time may increase the number
    of ciphertexts required, but do not completely solve the problem
    since attackers can compensate for the delay by collecting more
    measurements. (If enough random noise is added, the attack can
    become infeasible.)
I'd encourage all future commentators to please keep the noise level
down by not commenting unless 1) it's related to firewalls, 2) you've
read the paper, and 3) you know what you're talking about. Since I
fail #3, I've refrained from adding my two cents worth (it'd be worth
more like 0.5 cents) except to refer people back to #2.
--
KH
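
The passage quoted from the paper, as an added simulation that is not part of the original message or of the paper: a random pause only widens the noise around a data-dependent timing gap, and the number of measurements needed to average that noise away grows with the square of the pause width. The base cost, gap, pause widths and the confidence factor `z` are constructed values in arbitrary time units.

```python
import math
import random


def measure(secret_dependent_cost, jitter_width, rng):
    """One simulated timing: base cost + data-dependent cost + random pause."""
    base = 1000.0  # constructed baseline, arbitrary time units
    return base + secret_dependent_cost + rng.uniform(0.0, jitter_width)


def estimated_gap(n, gap, jitter_width, rng):
    """Mean timing difference between two input classes, n samples each."""
    slow = sum(measure(gap, jitter_width, rng) for _ in range(n)) / n
    fast = sum(measure(0.0, jitter_width, rng) for _ in range(n)) / n
    return slow - fast


def samples_needed(gap, jitter_width, z=4.0):
    """Samples per class so the gap stands z standard errors above the noise.

    The standard error of a difference of two means is sigma * sqrt(2 / n),
    so n = 2 * (z * sigma / gap) ** 2.
    """
    sigma = jitter_width / math.sqrt(12.0)  # std dev of uniform(0, W)
    return math.ceil(2.0 * (z * sigma / gap) ** 2)


if __name__ == "__main__":
    rng = random.Random(1996)  # fixed seed so the run is repeatable
    gap = 1.0  # constructed data-dependent difference
    print("pause width | samples per class | recovered gap")
    for width in (10.0, 100.0, 300.0):
        n = samples_needed(gap, width)
        print(f"{width:11.0f} | {n:17d} | {estimated_gap(n, gap, width, rng):.2f}")
```

Making the pause ten times wider raises the sample count a hundredfold, which is the sense in which enough noise makes measurement infeasible while a modest pause does not.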