[12561] in cryptography@c2.net mail archive


Re: [Bodo Moeller ] OpenSSL Security Advisory: Timing-based attacks on SSL/TLS with CBC encryption

daemon@ATHENA.MIT.EDU (Eric Rescorla)
Sun Feb 23 13:08:19 2003

X-Original-To: cryptography@wasabisystems.com
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: cryptography@wasabisystems.com
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: 21 Feb 2003 09:32:53 -0800
In-Reply-To: <20030221141711.C97F67B6C@berkshire.research.att.com>

"Steven M. Bellovin" <smb@research.att.com> writes:

> I'm struck by the similarity of this attack to Matt Blaze's master key 
> paper.  In each case, you're guessing at one position at a time, and 
> using the response of the security system as an oracle.  What's crucial 
> in both cases is the one-at-a-time aspect -- that's what makes the 
> attack linear instead of exponential.

Indeed.

And of course, both attacks resemble the old password guessing
attack on character by character passwords where you time how
long password verification takes. (The details are pretty
hazy but ISTR that you arranged for the password to cross
a page boundary to increase the time discrimination).

-Ekr


-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/
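
The one-position-at-a-time oracle that both messages above describe, worked through as an added simulation (this is not code from the list post, the advisory, or OpenSSL). The "timing" of a byte-by-byte password check is modelled as the number of bytes the checker compares before returning, which is the quantity an attacker would otherwise be measuring with a clock; the class and function names, and the sample secret, are assumptions made here so the demo runs offline and deterministically. It shows why an early-exit comparison turns an exhaustive 256^n search into roughly 256*n guesses, and that the same attack recovers nothing when the comparison always walks the whole buffer.

```python
"""Added simulation of a position-by-position timing oracle (hypothetical code).

Elapsed time is stood in for by a count of byte comparisons, so the
"oracle" is deterministic; on a real target the attacker measures a
clock and averages many samples to get the same one-byte signal.
"""
from typing import Callable

# Oracle type: the checker returns (accepted?, number of bytes it compared).
Oracle = Callable[[bytes], tuple[bool, int]]


class LeakyChecker:
    """Password check that returns at the first mismatching byte (early exit).

    This is the classic character-by-character verification: a guess with
    a correct prefix of length k takes k+1 comparison steps, a guess whose
    first byte is wrong takes 1, so the step count reveals prefix length.
    """

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def check(self, guess: bytes) -> tuple[bool, int]:
        steps = 0
        if len(guess) != len(self._secret):
            return False, steps
        for a, b in zip(guess, self._secret):
            steps += 1
            if a != b:
                return False, steps  # early exit leaks how far we got
        return True, steps


class ConstantTimeChecker(LeakyChecker):
    """Same interface, but always walks the whole buffer.

    This is the hmac.compare_digest discipline: accumulate the XOR of every
    byte pair and decide only at the end, so the step count (and the time)
    depends only on the length, not on where the first mismatch is.
    """

    def check(self, guess: bytes) -> tuple[bool, int]:
        steps = 0
        if len(guess) != len(self._secret):
            return False, steps  # length is still visible; nothing else is
        diff = 0
        for a, b in zip(guess, self._secret):
            steps += 1
            diff |= a ^ b
        return diff == 0, steps


def recover_secret(oracle: Oracle, length: int) -> tuple[bytes, int]:
    """Recover a secret one position at a time using the step-count oracle.

    For each position try every byte value; the guess whose check runs
    further than the others has the right byte at that position. Returns
    (recovered bytes, number of oracle queries). Against a leaky checker the
    query count is at most 256*length; exhaustive search would be 256**length.
    """
    recovered = bytearray(length)  # all zero to start
    queries = 0
    for pos in range(length):
        best_byte, best_steps = 0, -1
        for candidate in range(256):
            recovered[pos] = candidate
            accepted, steps = oracle(bytes(recovered))
            queries += 1
            if accepted:
                return bytes(recovered), queries
            if steps > best_steps:  # strictly further than every other guess
                best_byte, best_steps = candidate, steps
        recovered[pos] = best_byte
    return bytes(recovered), queries


if __name__ == "__main__":
    secret = b"hunter2!"  # constructed sample secret for the demo
    got, n = recover_secret(LeakyChecker(secret).check, len(secret))
    print(f"leaky checker:         recovered {got!r} in {n} queries "
          f"(exhaustive search: {256 ** len(secret)})")
    got, n = recover_secret(ConstantTimeChecker(secret).check, len(secret))
    print(f"constant-time checker: recovered {got!r} in {n} queries "
          f"(wrong: every guess takes the same number of steps)")
```

Against the constant-time checker every candidate at a position scores the same number of steps, so the attack has no signal and falls back to its first candidate; the only thing it still learns is the length, which is why real systems compare fixed-length digests rather than raw passwords.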

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
