Security quotes of the week
Posted Oct 25, 2012 18:04 UTC (Thu) by tpo (subscriber, #25713)
As far as I understand Langley's article, GCM is only one part of the problem. Is the other part of the problem also resolved by those machine instructions?
If it were, would that mean that as long as your SW runs on "newer" machines and actually uses those instructions for AES, you're safe and protected against known side-channel attacks in software?
Also, as far as I understood, OpenSSL is *still* doing table lookups but has reduced the table sizes so as not to cause that much cache churn. Would that have made the attack harder or impossible? Harder by several orders of magnitude or by several factors?
And what about the current typical SW stack? If I do a "cat /proc/memory | grep AES", how many of the typical processes running there actually use safe AES implementations? Does the kernel?
Posted Oct 25, 2012 20:48 UTC (Thu) by wahern (subscriber, #37304)
On the other hand, the process of checking people's shoes at the airport isn't merely suboptimal. It's not like we're doing it wrong. It's that we have no evidence it's worthwhile at all, and it may even be counterproductive. It's a stretch to argue that ripping out AES and similar algorithms would improve the state of network security.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds