[Haskell-cafe] ANNOUNCE: secure-sockets version 1.0

Mads Lindstrøm mads.lindstroem at gmail.com
Wed Sep 8 16:05:48 EDT 2010

Hi David

On Mon, 2010-09-06 at 13:50 -0700, David Anderson wrote:

>  - Simple timing attacks: If code path A takes longer than code path B
> to execute, an attacker can use that information to reverse engineer
> the outcome of branching tests, and from there possibly recover secret
> key material. This is particularly nasty because the attack can be
> carried out remotely, by repeatedly executing the protocol in a way
> that exercises the vulnerable code path.

I do not know much about cryptography, so I may be writing nonsense
here, but it seems to me that it should not be too hard to ensure that
all wrongly encrypted data takes equally long to process. One could use
an algorithm like:

* make interrupt/timer that will finish in one second
* process data from client
* If data is correctly encrypted, stop interrupt/timer and return
information to the client
* If data is wrongly encrypted, prepare error-result, (busy) wait for
interrupt/timer to finish, return result to client

That will mean that all clients that use a wrong key will take one
second to finish. But as clients with a correct key finish fast, I do
not see any problems.

What am I missing here?
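
The fixed-deadline scheme proposed in the message above, written out in Haskell as an added example that is not part of the original post and is not code from secure-sockets. `checkData`, `withFailureDeadline`, `timed` and the key are hypothetical, constructed names, and the wait uses `threadDelay` (a sleep) in place of the busy wait.

```haskell
module Main where

import Control.Concurrent (threadDelay)
import Control.Exception (evaluate)
import Control.Monad (forM_, when)
import GHC.Clock (getMonotonicTimeNSec)

-- Hypothetical stand-in for "process data from client": an early-exit
-- comparison against a constructed key, so a failure takes a different
-- amount of time depending on where the mismatch occurs.
checkData :: String -> Either String String
checkData input
  | input == constructedKey = Right "payload for client"
  | otherwise               = Left "bad data"
  where constructedKey = "constructed-sample-key"

-- Start the clock, run the check, and on failure hold the reply until a
-- fixed deadline measured from the start. Success returns immediately.
-- If the check itself overruns the budget, no padding is applied.
withFailureDeadline :: Int -> (a -> Either e r) -> a -> IO (Either e r)
withFailureDeadline budgetMicros check input = do
  start  <- getMonotonicTimeNSec
  result <- evaluate (check input)   -- force the check to run here
  case result of
    Right _ -> return result
    Left _  -> do
      now <- getMonotonicTimeNSec
      let elapsedMicros = fromIntegral ((now - start) `div` 1000) :: Int
          remaining     = budgetMicros - elapsedMicros
      -- threadDelay waits at least this long; the scheduler may add more.
      when (remaining > 0) $ threadDelay remaining
      return result

-- Wall-clock duration of an action, in seconds.
timed :: IO a -> IO (a, Double)
timed act = do
  t0 <- getMonotonicTimeNSec
  x  <- act
  t1 <- getMonotonicTimeNSec
  return (x, fromIntegral (t1 - t0) / 1e9)

main :: IO ()
main = do
  let guarded = withFailureDeadline 1000000 checkData  -- one second
  -- Constructed inputs: early mismatch, late mismatch, correct key.
  forM_ ["x", "constructed-sample-kez", "constructed-sample-key"] $ \attempt -> do
    (r, secs) <- timed (guarded attempt)
    putStrLn (show r ++ " after " ++ show secs ++ " s")
```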

