Re: Successful remote AES key extraction
From: D. J. Bernstein (djb_at_cr.yp.to)
Date: 04/20/05
- Next message: jstevh_at_msn.com: "SF: Some basic facts"
- Previous message: jstevh_at_msn.com: "Re: JSH: Surrogate Factoring Fails Completely, What Next?"
- In reply to: Tom St Denis: "Re: Successful remote AES key extraction"
- Next in thread: Tom St Denis: "Re: Successful remote AES key extraction"
- Reply: Tom St Denis: "Re: Successful remote AES key extraction"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 19 Apr 2005 23:11:51 +0000 (UTC)
Tom St Denis wrote:
> The AES specification specifies only the algorithm, not its implementation.
The AES designers and official evaluators
* considered timing attacks in detail,
* claimed that table lookup was ``not vulnerable to timing attacks,''
* claimed that Rijndael gained a ``major speed advantage over its
competitors'' for software protected against timing attacks,
* made the same comment in its summaries of the finalists, and
* made the same comment in its paragraph explaining the selection of
Rijndael.
The problem is that, when they stated ``Table lookup: not vulnerable to
timing attacks,'' they were simply wrong. Table lookup _is_ vulnerable
to timing attacks.
All of this is in the published record of the AES selection process. See
Section 7 of my paper for citations.
---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago
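The standard countermeasure to the table-lookup leak Bernstein describes is a lookup whose memory accesses do not depend on the secret index. The following is an added example, not code from the original post or from Bernstein's paper: it generates the FIPS-197 S-box at first use, shows the textbook indexed lookup beside a masked constant-time lookup, and checks that both agree; the function names `sbox_direct`, `sbox_ct` and `sbox_ct_matches_table` are assumptions of this example.

```c
#include <stdint.h>

/* AES S-box, filled in at first use by gen_sbox(); values match FIPS-197. */
static uint8_t sbox[256];
static int sbox_ready = 0;
#define ROTL8(x, s) ((uint8_t)(((x) << (s)) | ((x) >> (8 - (s)))))

/* Generate the S-box: walk GF(2^8) with generator 3, keeping p*q == 1,
   then apply the affine transform to the inverse q. */
static void gen_sbox(void) {
    uint8_t p = 1, q = 1;
    do {
        p = p ^ (p << 1) ^ (p & 0x80 ? 0x1B : 0);   /* p *= 3 */
        q ^= q << 1; q ^= q << 2; q ^= q << 4;      /* q /= 3 */
        q ^= q & 0x80 ? 0x09 : 0;
        uint8_t a = q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3) ^ ROTL8(q, 4);
        sbox[p] = a ^ 0x63;
    } while (p != 1);
    sbox[0] = 0x63;                                  /* 0 has no inverse */
    sbox_ready = 1;
}

/* Textbook lookup: the cache line that gets loaded depends on the secret
   byte x, which is exactly the leak this thread is about. */
uint8_t sbox_direct(uint8_t x) {
    if (!sbox_ready) gen_sbox();
    return sbox[x];
}

/* Constant-time lookup: read all 256 entries on every call and keep the
   one whose index equals x via an arithmetic mask, so the addresses touched
   do not depend on x. Relies on the compiler not turning the mask back
   into a branch; inspect the generated code before trusting it. */
uint8_t sbox_ct(uint8_t x) {
    if (!sbox_ready) gen_sbox();
    uint8_t out = 0;
    for (unsigned i = 0; i < 256; i++) {
        /* (i ^ x) - 1 wraps around only when i == x, giving mask 0xff */
        uint8_t mask = (uint8_t)((((unsigned)(i ^ x)) - 1u) >> 8);
        out |= sbox[i] & mask;
    }
    return out;
}

/* Returns 1 if the masked lookup agrees with the table for every input. */
int sbox_ct_matches_table(void) {
    for (unsigned i = 0; i < 256; i++)
        if (sbox_ct((uint8_t)i) != sbox_direct((uint8_t)i)) return 0;
    return 1;
}
```

The masked lookup trades a 256-entry scan per byte for address-independence; production implementations use bitsliced or hardware (AES-NI) AES instead, but the principle is the same.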