
Differential Fault Analysis of SHA3-224 and SHA3-256 [pdf] - aburan28
http://eprint.iacr.org/2016/709.pdf
======
cleeus
tl;dr if an attacker can flip certain bits in one of the last phases of a SHA3
execution (e.g. through power glitching on a device) and can compare the
result with that of a correct execution, the internal state of the function
can be fully recovered. With short inputs, the whole input can be recovered.
This may pose a risk for MAC protocols where the attacker might be able to
reveal the secret.

Nothing to worry about outside of the hardware world.

~~~
blugblag
Hardware world? Do you mean the DDR4 ram in the hardware in your server? An
example of how bits can be flipped in modern hardware is the Row Hammer
Attack-
[https://en.wikipedia.org/wiki/Row_hammer](https://en.wikipedia.org/wiki/Row_hammer)

------
hclivess
can someone please tl;dr?

