[Haskell-cafe] Tor project

Karel Gardas karel.gardas at centrum.cz
Fri Aug 1 07:49:41 UTC 2014


On 08/ 1/14 09:38 AM, Wojtek Narczyński wrote:
>
> On 01.08.2014 09:27, Luke Clifton wrote:
>>
>>     Well, how about something like
>>
>>     inConstantTime :: timeBudget -> (functionToPerform ::
>>     CryptoResult) -> IO (Maybe CryptoResult)
>>
>>
>> I'm no expert, but aren't timing attacks also possible with something
>> like that. If your `functionToPerform' touches the cache in funny
>> ways, the program after resuming from the timeout might have different
>> timings as there could be cache misses in one scenario, but not the
>> other.
> Oh come on, there is still a number of slow buffers in between: kernel,
> network cards, switches, routers.

I think original poster has been talking about something like that:

https://www.cs.unc.edu/~reiter/papers/2012/CCS.pdf
https://eprint.iacr.org/2014/248.pdf

not funny reading indeed. So yes, I would also like to see paper about 
attacks above being done against purely functional TLS implementation. 
Results may be interesting, especially when we consider functional 
programming to provide more secure code by default (in comparison with C)...

Karel


More information about the Haskell-Cafe mailing list