Timing attacks are primarily an implementation issue, rather
than a protocol issue. The SSL 3.0 spec doesn't try to
describe all the things that implementations need to do
in order to be secure, as this would have been far too
complex and implementation-specific to include.
Having said this, I
Michael Sierchio <[EMAIL PROTECTED]> writes:
> I didn't mean to claim that no one would ever mount such an attack --
> just that there are enormous practical difficulties to getting any
> timing results via SSL session key creation.
Not really. The bad scenario is someone breaking in to a poorly
Perry E. Metzger wrote:
> Michael Sierchio <[EMAIL PROTECTED]> writes:
>
>>Timing analysis is of such little practical value that no one, to
>>my knowledge, is willing to obscure the average key agreement (DH)
>>or decryption (RSA) operation by adding random delays or by making
>>all pubkey opera
Michael Sierchio <[EMAIL PROTECTED]> writes:
> Timing analysis is of such little practical value that no one, to
> my knowledge, is willing to obscure the average key agreement (DH)
> or decryption (RSA) operation by adding random delays or by making
> all pubkey operations conform to the upper b
Kocher did work on the SSL v3.0 protocol, which corrects some errors
in the previous version. At the risk of repeating myself, timing
or power analysis attacks are not mounted against SSL, but against
the public key operations. Given the nature of their place in the
protocol, and that -- even i
>Date: Mon, 15 Jul 2002 16:08:22 -0700 (PDT)
>From: Shalendra Chhabra <[EMAIL PROTECTED]>
>Subject: an advise
>To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
>MIME-Version: 1.0
>X-Sender: Shalendra Chhabra <[EMAIL PROTECTED]>
>X-List-Manager: OpenSSL Majord
Shalendra Chhabra wrote:
> "Is SSL 3.0/TLS susceptible to Pauls Timing Analysis
> Attack"???
The protocols do not address the issue in any way -- this
is an implementation problem for the Public Key Crypto
component.
__
OpenSSL
