[Haskell-cafe] Tor project
Karel Gardas
karel.gardas at centrum.cz
Fri Aug 1 07:49:41 UTC 2014
On 08/ 1/14 09:38 AM, Wojtek Narczyński wrote:
>
> On 01.08.2014 09:27, Luke Clifton wrote:
>>
>> Well, how about something like
>>
>> inConstantTime :: timeBudget -> (functionToPerform ::
>> CryptoResult) -> IO (Maybe CryptoResult)
>>
>>
>> I'm no expert, but aren't timing attacks also possible with something
>> like that. If your `functionToPerform' touches the cache in funny
>> ways, the program after resuming from the timeout might have different
>> timings as there could be cache misses in one scenario, but not the
>> other.
> Oh come on, there is still a number of slow buffers in between: kernel,
> network cards, switches, routers.
I think original poster has been talking about something like that:
https://www.cs.unc.edu/~reiter/papers/2012/CCS.pdf
https://eprint.iacr.org/2014/248.pdf
not funny reading indeed. So yes, I would also like to see paper about
attacks above being done against purely functional TLS implementation.
Results may be interesting, especially when we consider functional
programming to provide more secure code by default (in comparison with C)...
Karel
More information about the Haskell-Cafe
mailing list