Interesting People mailing list archives

Re: Adi Shamir's microprocessor bug attack


From: David Farber <dfarber () cs cmu edu>
Date: Thu, 22 Nov 2007 13:44:47 -0500



Begin forwarded message:

From: "James A. Donald" <jamesd () echeque com>
Date: November 20, 2007 10:41:51 PM EST
To: "' =JeffH '" <Jeff.Hodges () KingsMountain com>
Cc: cryptography () metzdowd com
Subject: Re: fyi: Adi Shamir's microprocessor bug attack

If I understand this correctly, this is a chosen crypto
text attack.  The attacker constructs a crypto text, the
target decrypts it, and the target then reveals the
decrypted text to the attacker.

But what should happen is that he decrypts a key to be
used in symmetric decryption, applies it, gets garbage,
message checksum fails, message discarded.

Alternatively attacker sends text to be signed by target
- but most signature algorithms contain some random
salt.  If they don't, they should.

Public key systems are not robust if the holder of the
secret key makes an oracle available for decrypting or
signing attacker chosen text.  This attack does not make
them substantially less robust.
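As an added illustration of the argument above (example code, not from the poster or the list), a toy RSA-CRT decryptor with a simulated faulty multiplication, exposed once as a raw decryption oracle and once behind the hybrid construction the post describes: a session key is RSA-decrypted, used for symmetric decryption, and the message is discarded when its checksum fails. The primes, key sizes and fault are constructed for the example and far too small for real use.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Toy RSA-CRT key (constructed; fixed so the example runs deterministically offline).
P, Q = 10007, 10009
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
Q_INV = pow(Q, -1, P)


def rsa_decrypt_crt(c: int, fault: bool = False) -> int:
    """RSA-CRT decryption. fault=True corrupts the mod-P half, standing in for
    the faulty hardware multiplication the thread is discussing."""
    mp = pow(c, D % (P - 1), P)
    mq = pow(c, D % (Q - 1), Q)
    if fault:
        mp ^= 1  # constructed fault: one wrong bit in an intermediate result
    h = (Q_INV * (mp - mq)) % P  # Garner recombination
    return (mq + h * Q) % N


def raw_decrypt_oracle(c: int, fault: bool = False) -> int:
    """The setting the post warns about: the key holder returns whatever the
    (possibly faulty) decryption produced, so a wrong result is revealed."""
    return rsa_decrypt_crt(c, fault)


def _derive(k: int, label: bytes) -> bytes:
    return hashlib.sha256(label + k.to_bytes(4, "big")).digest()


def hybrid_encrypt(msg: bytes, k: Optional[int] = None) -> Tuple[int, bytes, bytes]:
    """Encrypt msg (at most 32 bytes) under a fresh session key k; only k is RSA-encrypted."""
    if k is None:
        k = int.from_bytes(os.urandom(3), "big") + 2  # 2 <= k < N
    body = bytes(a ^ b for a, b in zip(msg, _derive(k, b"enc")))
    tag = hmac.new(_derive(k, b"mac"), body, "sha256").digest()
    return pow(k, E, N), body, tag


def hybrid_decrypt(c_key: int, body: bytes, tag: bytes, fault: bool = False) -> Optional[bytes]:
    """What the post says should happen: a wrong session key gives garbage, the
    checksum fails and the message is discarded (None) instead of being revealed."""
    k = rsa_decrypt_crt(c_key, fault)
    expected = hmac.new(_derive(k, b"mac"), body, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(body, _derive(k, b"enc")))
```

With the fault switched on, the raw oracle hands back a value that differs from the session key, while the hybrid decryptor returns only a failure.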



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo () metzdowd com