On Fri, 15 Dec 1995, Hal wrote:
As Kocher's paper implies, the known ciphertext attack is a TIMING attack. Simply accumulating known text/signature pairs as you would have after a "key signing party" does not help. You must know exactly how much time each signature took.
how to use a timing attack? across a network? on the same host (therefore multiuser)? or on a dedicated host, with a know algorithm and known ciphertext running DOS (no kernel or anything to preempt the process)? using the famous appendix H registers of a 586 allows you to time the processing of instructions very well. dont have to know how long it takes to encrypt ahead of time. walk the key bit by bit (ouch bad pun) guessing 1 or 0 each time and looking to see if the correlations continue to appear or not. horrendous problem, but a lot better than brute force. i really need to read the final paper when it is issued. jmb Jonathan M. Bresler FreeBSD Postmaster jmb@FreeBSD.ORG play go. ride bike. hack FreeBSD.--ah the good life i am moving to a new job. PLEASE USE: jmb@FreeBSD.ORG