[cryptography] AES side channel attack using a weakness in the Linux scheduler

mheyman at gmail.com
Fri Nov 26 12:57:07 EST 2010


On Wed, Nov 24, 2010 at 3:20 PM, coderman <coderman at gmail.com> wrote:
> On Wed, Nov 24, 2010 at 8:26 AM, Jack Lloyd <lloyd at randombit.net> wrote:
>>
>> An interesting new eprint on attacking AES using cache timings....
>> "Cache Games - Bringing Access Based Cache Attacks on AES to Practice"
>> Endre Bangerter and David Gullasch and Stephan Krenn
>> http://eprint.iacr.org/2010/594
>>
>> What are people's thoughts on these kinds of local cache attacks, in
>> terms of actual systems security?
>
> good reasons to use a hardware AES implementation like AES-NI or XCRYPT.
>
Or OpenSSL 1.0 which is immune (the paper references 0.9.8n and says
1.0 is immune).
----
-Michael Heyman


