[12557] in cryptography@c2.net mail archive
Re: [Bodo Moeller ] OpenSSL Security Advisory: Timing-based attacks on SSL/TLS with CBC encryption
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Fri Feb 21 10:43:31 2003
X-Original-To: cryptography@wasabisystems.com
From: "Steven M. Bellovin" <smb@research.att.com>
To: EKR <ekr@rtfm.com>
Cc: cryptography@wasabisystems.com
In-Reply-To: Your message of "20 Feb 2003 16:50:10 PST."
<kjlm0azccd.fsf@romeo.rtfm.com>
Date: Fri, 21 Feb 2003 09:17:11 -0500
I'm struck by the similarity of this attack to Matt Blaze's master key
paper. In each case, you're guessing at one position at a time, and
using the response of the security system as an oracle. What's crucial
in both cases is the one-at-a-time aspect -- that's what makes the
attack linear instead of exponential.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
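
The linear-versus-exponential point in the message above, as an added illustration that is not part of the original message or of either attack's code. It is a constructed toy verifier over a 4-symbol alphabet, with hypothetical names (`Verifier`, `queries_with_position_leak`, `queries_without_leak`), that counts guesses when the response reveals how many leading positions matched versus when it reveals only accept or reject.

```python
from itertools import product

ALPHABET = "0123"  # constructed: k = 4 possible values per position


class Verifier:
    """Toy verifier holding a secret; counts how many guesses it answers."""

    def __init__(self, secret, leaks_position):
        self.secret = secret
        self.leaks_position = leaks_position
        self.queries = 0

    def check(self, guess):
        """Return (accepted, matched_prefix_len), the latter None if not leaked."""
        self.queries += 1
        matched = 0
        for g, s in zip(guess, self.secret):
            if g != s:
                break
            matched += 1
        accepted = matched == len(self.secret)
        return accepted, (matched if self.leaks_position else None)


def queries_with_position_leak(secret):
    """Response distinguishes positions: each one is settled on its own (<= n*k)."""
    v = Verifier(secret, leaks_position=True)
    known = ""
    for pos in range(len(secret)):
        for sym in ALPHABET:
            guess = known + sym + ALPHABET[0] * (len(secret) - pos - 1)
            _, matched = v.check(guess)
            if matched > pos:  # this position is now confirmed
                known += sym
                break
    assert known == secret
    return v.queries


def queries_without_leak(secret):
    """Only accept/reject is visible: whole candidates must be tried (<= k**n)."""
    v = Verifier(secret, leaks_position=False)
    for cand in product(ALPHABET, repeat=len(secret)):
        if v.check("".join(cand))[0]:
            return v.queries
    raise ValueError("secret not in search space")
```

For the worst-case secret of length n the first count is n*k and the second is k**n, which is why a verifier whose response (error type or timing) is uniform across failure positions removes the linear shortcut.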