[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Newbie's questions



On 2/27/07, Michael Holstein <michael.holstein@xxxxxxxxxxx> wrote:
...
> (2) Can the green line be cracked by intercepting the packets or headers?

An attack against AES that's more effective than bruteforce is not (yet)
known, so I'd say "probably not", although TOR developers are clear to
tell you it doesn't defend against a "global adversary" (eg:
$3_letter_agencies).

this is actually more complicated to answer; namely implementation specific in the context of an active attacker. consider an AES cache timing attack which can recover AES secrets remotely over the network with modest effort: http://cr.yp.to/antiforgery/cachetiming-20050414.pdf

there are similar side channels (exploiting pipelining, L1/L2 cache
latency, and other CPU capabilities) against public key and symmetric
cipher implementations in software.

while not a dire threat this is something to consider in your threat
model and one reason i am a big fan of hardware cipher implementations
like VIA Padlock.