On Tue, Jul 16, 2002 at 10:03:22PM -0000, Shalu wrote:
> Yeah, you are right, this was a problem for Public Key crypto systems
> but even in the implementation of these SSL or TLS first a master 
> secret is set up with the help of
> pre master secret, which is done through the Public Key 
> Cryptography like RSA, but I just wanted to know
> if the RSA or any other public key cryptosystem that we use in 
> these protocols are they susceptible to Paul's
> Timing Analysis Attack or not? and If not why they are not? What 
> has been done in them to take care so that
> they are not susceptible to Paul's timing analysis attack
> 
> (Paul was one of those persons only who had designed
> the SSL Protocol)
> 
> 
> Lutz: Will you also comment? Your comments are sometimes
> very much useful to me

As you asked me personally:
I did not have a deep look into this issue. It however seems to me that
Michael Sierchio's point of view makes a lot of sense. On a system
running in practice, a lot of things influence the timing of an operation,
especially when it comes to a Unix-based system with its process scheduling
running several processes at a time, maybe swapping, maybe accessing
data on the hard disk. Thus from the practical point of view a timing
attack will be very difficult to mount.
I would not say that it is completely impossible, as has also been pointed
out in this thread, I however want to point out that:
* An AMD K6/500MHz will do approx 30 1024bit private RSAs per second.
  Thus a top notch 2GHz machine without hardware accelerator could do
  around 120 RSA per second (of course, one cannot simply scale like I
  have just done, but it gives an idea about the range we are talking about).
* Therefore you cannot simply force the system to perform several hundreds
  of thousands of handshakes without becoming visible. At 3600 seconds
  per hour the machine could do 400.000 RSA per hour but it could do
  just this and nothing else. In practice you cannot reach these numbers,
  especially if you have to stay stealthy.
Now you have to go back and read out how many RSA operations it takes
to mount a timing attack. I don't know.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
