18 Sep
2019
18 Sep
'19
12:42 a.m.
On Wed, 18 Sep 2019 at 02:19, Paul Koning via cctalk
<cctalk at classiccmp.org> wrote:
... Wow.
*Wow.*
Thanks for those!
--
Liam Proven - Profile: https://about.me/liamproven
Email: lproven at cix.co.uk - Google Mail/Hangouts/Plus: lproven at gmail.com
Twitter/Facebook/Flickr: lproven - Skype/LinkedIn: liamproven
UK: +44 7939-087884 - ?R (+ WhatsApp/Telegram/Signal): +420 702 829 053
...
Speaking of timing, that reminds me of two amazing security holes written up in the past
few years. Nothing to do with the Spectre etc. issue.
One is the recovery of speech from an encrypted VoIP channel such as Skype, by looking at
the sizes of the encrypted data blocks. (Look for a paper named "Hookt on
fon-iks" by White et al.) The fix for this is message padding.
The other is the recovery of the RSA private key in a smartphone by listening to the
sound it makes while decrypting. The fix for this is timing tweaks in the decryption
inner loop. (Look for a paper by, among others, Adi Shamir, the S in RSA and one of the
world's top cryptographers.)
It's pretty amazing what ways people find to break into security mechanisms.