Jim Miller writes:
Combine this with a standard crypto API for doing Web-based digital signatures or authentication or encryption and you may begin to see some possibilities.
Would it be possible to create a Java applet that causes the client machine to sign or encrypt something with their private key, and then send back timing info?
For the answer to be YES a few things need to be true. There needs to be some sort of standard crypto API in use that can be accessed by a Java script, and Java scripts need to be able to capture and send back timing info. Does anyone on this list know enough about Java to know if it can do any of these things?
[I've read a bit more about Java since you last asked the question, coincidentally, but I don't know a huge amount about it yet.]

I think this scenario is certainly possible, from a technical point of view. Crypto APIs in general should force the user to be aware of how she is using her key material. Ultimately you can't save people from themselves. (One of my favorite non sequiturs. ;) User education helps. But just as users are tricked by various social engineering methods into divulging their account passphrases, so they can be duped into encrypting or signing for a stranger's timing pleasure.

However, one would certainly hope that the crypto Java interfaces that get written are designed to mask timing information in the wake of Kocher. In fact, this is precisely the sort of thing "we" should consider promulgating....

-Futplex <futplex@pseudonym.com>
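The message does not say how a signing interface would mask timing information; one standard countermeasure to Kocher's attack is RSA blinding, shown here as an added example that is not code from this thread or from any Java crypto API. The class and method names, the use of textbook (unpadded) RSA and the key generated in-process are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

public class BlindedRsaDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // Sign m (0 <= m < n) with private exponent d. The base is multiplied by
    // r^e for a fresh random r, so the value fed to the private-key
    // exponentiation is unpredictable to whoever supplied m, and the time
    // taken no longer correlates with the requester's chosen input.
    static BigInteger signBlinded(BigInteger m, BigInteger d, BigInteger e, BigInteger n) {
        BigInteger r;
        do {
            r = new BigInteger(n.bitLength(), RNG);
        } while (r.compareTo(BigInteger.ONE) <= 0 || r.compareTo(n) >= 0
                 || !r.gcd(n).equals(BigInteger.ONE));
        BigInteger blinded = m.multiply(r.modPow(e, n)).mod(n); // m * r^e mod n
        BigInteger sBlind = blinded.modPow(d, n);               // (m * r^e)^d = m^d * r mod n
        return sBlind.multiply(r.modInverse(n)).mod(n);         // remove r, leaving m^d mod n
    }

    public static void main(String[] args) {
        // Demo key only (assumption): 2048-bit modulus generated on the spot.
        BigInteger e = BigInteger.valueOf(65537);
        BigInteger p, q, phi;
        do {
            p = BigInteger.probablePrime(1024, RNG);
            q = BigInteger.probablePrime(1024, RNG);
            phi = p.subtract(BigInteger.ONE).multiply(q.subtract(BigInteger.ONE));
        } while (p.equals(q) || !phi.gcd(e).equals(BigInteger.ONE));
        BigInteger n = p.multiply(q);
        BigInteger d = e.modInverse(phi);

        // Constructed sample input standing in for a requester-chosen message.
        BigInteger m = new BigInteger(n.bitLength() - 1, RNG);

        BigInteger unblinded = m.modPow(d, n);
        BigInteger s1 = signBlinded(m, d, e, n);
        BigInteger s2 = signBlinded(m, d, e, n);

        // Blinding changes the intermediate values, not the signature itself.
        System.out.println("equals unblinded signature: " + s1.equals(unblinded));
        System.out.println("verifies under public key:  " + s1.modPow(e, n).equals(m));
        System.out.println("same result on second call: " + s1.equals(s2));
    }
}
```

`BigInteger.modPow` is not itself constant-time; blinding works by making the exponentiated value independent of the caller's input, which is why `r` must be fresh and secret on every call.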