[cryptography] AES side channel attack using a weakness in the Linux scheduler

coderman coderman at gmail.com
Sat Nov 27 11:19:39 EST 2010


On Fri, Nov 26, 2010 at 9:57 AM, mheyman at gmail.com <mheyman at gmail.com> wrote:
> ...
> Or OpenSSL 1.0 which is immune

you should qualify such statements made about software mitigations on
side channels, particularly cache timing. :)

there are more than a few trivial protections in various
implementations [not OpenSSL current, per se] that cover the usual cache
line side channels but are a leaky sieve in the branch prediction cache or
hyper-threading context. and what other esoteric / future cache timing
attacks remain to be discovered?

hardware implementations are (usually) preferable given the broad
protection provided against the entire class of data cache, branch
prediction, and other CPU / host level cache timing attacks.

as mentioned previously, this is probably the least of your concerns.
usability improvement of low latency hw implementations is surely a more
effective rationale than risks of key compromise through local cache
timing side channel...

best regards,



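The "trivial protection" the post alludes to, shown as an added example that is not code from the post or from OpenSSL: a naive S-box lookup whose memory address depends on the secret index, beside a masked lookup that touches every entry and selects the result with arithmetic rather than a branch. The 256-entry table is constructed with arbitrary values here and only stands in for a cipher S-box. The masked form removes the data-dependent cache-line access and the data-dependent branch; as the post notes, that says nothing about other microarchitectural channels, and a compiler may rewrite the loop, so the emitted assembly still has to be inspected.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 256

/* Constructed stand-in for an S-box: the values are arbitrary and carry
 * no cryptographic meaning; only the access pattern matters here. */
void build_table(uint8_t out[TABLE_SIZE]) {
    for (unsigned i = 0; i < TABLE_SIZE; i++) {
        out[i] = (uint8_t)(((i * 167u) + 13u) ^ (i >> 3));
    }
}

/* Naive lookup: the single address loaded is table + idx, so the cache
 * line brought in (and evicted for a co-resident observer) is a function
 * of the secret index. */
uint8_t lookup_naive(const uint8_t table[TABLE_SIZE], uint8_t idx) {
    return table[idx];
}

/* Masked lookup: every entry is read in fixed order, and the wanted one is
 * selected with an all-ones/all-zeros mask derived arithmetically, so both
 * the memory access sequence and the control flow are independent of idx. */
uint8_t lookup_masked(const uint8_t table[TABLE_SIZE], uint8_t idx) {
    uint8_t result = 0;
    for (unsigned i = 0; i < TABLE_SIZE; i++) {
        /* (i ^ idx) is 0 only when i == idx; subtracting 1 then wraps to
         * 0xFFFFFFFF, whose top byte is 0xFF. Otherwise the top byte is 0. */
        uint8_t eq = (uint8_t)((((uint32_t)(i ^ idx)) - 1u) >> 24);
        result |= (uint8_t)(table[i] & eq);
    }
    return result;
}

/* Returns 1 if the masked lookup agrees with the naive one for all 256
 * indices, 0 otherwise; the functional equivalence is what lets the masked
 * version be dropped in as a replacement. */
int check_equivalence(void) {
    uint8_t table[TABLE_SIZE];
    build_table(table);
    for (unsigned i = 0; i < TABLE_SIZE; i++) {
        if (lookup_naive(table, (uint8_t)i) != lookup_masked(table, (uint8_t)i)) {
            return 0;
        }
    }
    return 1;
}

int main(void) {
    printf("masked lookup matches naive lookup: %s\n",
           check_equivalence() ? "yes" : "no");
    return 0;
}
```

The mask trick in `lookup_masked` is the part worth reviewing in any real implementation: a `?:` or `if` on `i == idx` would reintroduce a secret-dependent branch, which is exactly the branch-prediction leak the post mentions.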