
Hi David

On Mon, 2010-09-06 at 13:50 -0700, David Anderson wrote:
> - Simple timing attacks: If code path A takes longer than code path B to execute, an attacker can use that information to reverse engineer the outcome of branching tests, and from there possibly recover secret key material. This is particularly nasty because the attack can be carried out remotely, by repeatedly executing the protocol in a way that exercises the vulnerable code path.

I do not know much about cryptography, so I may be writing nonsense here, but it seems to me that it should not be too hard to ensure that all wrongly encrypted data takes equally long to process. One could use an algorithm like:

* make interrupt/timer that will finish in one second
* process data from client
* If data is correctly encrypted, stop interrupt/timer and return information to the client
* If data is wrongly encrypted, prepare error-result, (busy) wait for interrupt/timer to finish, return result to client

That will mean that all clients that use a wrong key will take one second to finish. But as clients with a correct key finish fast, I do not see any problems. What am I missing here?

/Mads
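
An added sketch of the scheme described in the message above (not code from the thread or from the project under discussion): failures are held until a fixed deadline while successes return at once. The HMAC-tagged packet format and the names `seal`, `process` and `handle` are assumptions standing in for the real protocol's decryption check, and the wait uses sleep rather than a busy loop.

```python
import hashlib
import hmac
import time

KEY = b"constructed-demo-key"   # constructed sample key, not from the thread
FAIL_DEADLINE = 1.0             # the one second proposed in the mail


def seal(key, payload):
    """Constructed stand-in for 'correctly encrypted data': payload + HMAC tag."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def process(key, packet):
    """Return the payload if the tag verifies, else None."""
    payload, tag = packet[:-32], packet[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


def handle(packet, key=KEY, deadline=FAIL_DEADLINE,
           clock=time.monotonic, sleep=time.sleep):
    """Process a packet; every failure is answered at start + deadline.

    Returns (reply, overrun). overrun is True when processing itself took
    longer than the deadline, in which case the padding hid nothing.
    """
    release_at = clock() + deadline          # "make interrupt/timer"
    try:
        payload = process(key, packet)       # "process data from client"
    except Exception:
        payload = None                       # malformed input is a failure too
    if payload is not None:
        return b"OK:" + payload, False       # correct key: return immediately
    reply = b"ERROR"                         # "prepare error-result"
    overrun = clock() >= release_at          # timer already expired?
    while (remaining := release_at - clock()) > 0:
        sleep(remaining)                     # wait for the timer to finish
    return reply, overrun
```

The `overrun` flag marks the case the timer cannot cover: if processing a bad packet ever takes longer than the deadline, the reply time depends on the input again.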