Timing attacks, Twofish housekeeping
mskala at ansuz.sooke.bc.ca
Mon Sep 23 05:14:01 CEST 2002
I've had some email suggesting improvements to the Twofish code; when I
have some spare time I'd like to take another look through the code and
implement some of them.

One issue I was unsure about concerned timing - it was pointed out to me
that the existing code could be vulnerable to timing attacks, in that the
CALC_S macro's execution time depends on a key byte. Is this an issue we
should be looking at? My suspicion is that the public-key stuff in GnuPG
is a whole lot *more* susceptible to timing attacks, and that hardening it
against them would be a major headache and unnecessary in the usual threat
model. I can imagine some situations (conventional encryption, in a
server situation) where a timing attack against Twofish could be a
problem even if we didn't care about timing attacks on the public-key
ciphers. That seems far-fetched, though.

So I wanted to ask the list: are timing attacks an issue for us at
all? How much effort is it worth to eliminate them?
--
Matthew Skala
mskala at ansuz.sooke.bc.ca Embrace and defend.
http://ansuz.sooke.bc.ca/
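As an added illustration (not code from the post or from GnuPG), here is a GF(2^8) multiply of the kind Twofish's RS key-schedule step performs, written once with a key-dependent early exit and once in constant time, with a cross-check that the two agree on every input. The reduction polynomial, the function names and the `last_steps` counter are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumed polynomial x^8+x^6+x^3+x^2+1 (Twofish's RS field); constructed for illustration, not GnuPG's CALC_S. */
#define RS_POLY 0x14D
static int last_steps;   /* loop iterations done by the last gf_mul_branchy() call */
/* Branchy multiply with k as the key byte: the early exit on k == 0 makes the
   amount of work depend on secret data, the kind of leak the post describes. */
static uint8_t gf_mul_branchy(uint8_t k, uint8_t c)
{
    uint8_t acc = 0;
    last_steps = 0;
    if (k == 0)
        return 0;                        /* zero key byte: no work at all */
    while (c) {
        if (c & 1)
            acc ^= k;
        k = (k & 0x80) ? (uint8_t)((k << 1) ^ RS_POLY) : (uint8_t)(k << 1);
        c >>= 1;
        last_steps++;
    }
    return acc;
}
/* Constant-time multiply: always eight rounds, selection by 0x00/0xFF masks
   instead of branches, so neither operand changes the work done. */
static uint8_t gf_mul_ct(uint8_t k, uint8_t c)
{
    uint8_t acc = 0;
    for (int i = 0; i < 8; i++) {
        uint8_t bit_mask = (uint8_t)-(int)((c >> i) & 1);
        uint8_t high_mask = (uint8_t)-(int)(k >> 7);
        acc ^= k & bit_mask;
        k = (uint8_t)((k << 1) ^ (RS_POLY & high_mask));
    }
    return acc;
}
/* Cross-check both routines over all 65536 inputs; returns 1 on agreement. */
static int gf_mul_all_equal(void)
{
    for (int k = 0; k < 256; k++)
        for (int c = 0; c < 256; c++)
            if (gf_mul_branchy((uint8_t)k, (uint8_t)c) != gf_mul_ct((uint8_t)k, (uint8_t)c))
                return 0;
    return 1;
}
int main(void)
{
    gf_mul_branchy(0x00, 0x80);
    int s0 = last_steps;
    gf_mul_branchy(0x5A, 0x80);
    printf("steps: key 0x00 -> %d, key 0x5A -> %d; agree: %d\n", s0, last_steps, gf_mul_all_equal());
    return 0;
}
```

The step count is a stand-in for wall-clock time: a zero key byte does no loop iterations in the branchy version, while the masked version does the same work for every input.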