Hacker News new | comments | show | ask | jobs | submit login
AES timing variability at a glance (2005) (yp.to)
64 points by ColinWright 1401 days ago | hide | past | web | 7 comments | favorite



I highly recommend reading the explanation on how this is significant, it goes into more depth about timing attacks:

http://cr.yp.to/antiforgery/cachetiming-20050414.pdf


And a more recent revisiting of this subject, http://cseweb.ucsd.edu/~hovav/dist/aes_cache.pdf


So it seems that modern Intel x86 processors have hardware support for AES (http://en.wikipedia.org/wiki/AES_instruction_set). Does that solve the problem?


Pretty much, yes. The instructions are constant-time.


I like the presentation with the colored graphs, it definitely it a good way of demonstrating the problem.

However for his own implementation, it's hard to see how significant the residual timing attacks are. If fact just looking at the graph, and without the acknowledgment in the introduction, I'd be hard pressed to say that those pictures had any irregularity at all.


Wouldn't that just mean that you need a lot more tries to do a successful timing attack? Not sure if the regularity of his algorithm is enough to make it entirely impractical. I'm not even sure if it's not entirely impractical already using one of the less regular algorithms.


It would be interesting to see how things have progressed (or haven't) in the intervening years.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: