[1681] in cryptography@c2.net mail archive
Kocher timing attacks revisited
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Thu Oct 2 17:58:48 1997
Date: Thu, 2 Oct 1997 17:57:24 -0400 (EDT)
From: "Perry E. Metzger" <perry@piermont.com>
To: cryptography@c2.net
Reply-to: perry@piermont.com
Van Jacobson's PATHCHAR program is a neat creation that determines the
speed of far distant internet links by using statistical techniques on
round trip times -- by noting tiny differences in timing between small
and long packets on distant networks, the distinction between T1s,
T3s, OC3s, etc. can be determined with astonishing accuracy.
Why do I mention this? It occurs to me that the statistical methods he
uses could also, probably, be used to carry out Kocher style timing
measurement attacks on distant servers. I suspect that such attacks
are far less infeasable than has been supposed by many.
Are people using countermeasures for these methods yet, or are they
still ignoring them?
Perry
