
1 Aug 2014, 4:08 a.m.
On 01.08.2014 10:02, Friedrich Wiemer wrote:
Well, how about something like
inConstantTime :: timeBudget -> (functionToPerform :: CryptoResult) -> IO (Maybe CryptoResult)
I'm no expert, but aren't timing attacks also possible with something like that? If your `functionToPerform' touches the cache in funny ways, the program after resuming from the timeout might have different timings as there could be cache misses in one scenario, but not the other.
One would need to add countermeasures for this side channel, too, I guess.
Countermeasures here, countermeasures there, and the best language to do it is C. I find it hard to believe.