coderman at gmail.com
Tue Feb 27 19:08:42 UTC 2007
On 2/27/07, Michael Holstein <michael.holstein at csuohio.edu> wrote:
> > (2) Can the green line be cracked by intercepting the packets or headers?
> An attack against AES that's more effective than bruteforce is not (yet)
> known, so I'd say "probably not", although TOR developers are clear to
> tell you it doesn't defend against a "global adversary" (eg:
this is actually more complicated to answer; namely implementation
specific in the context of an active attacker. consider an AES cache
timing attack which can recover AES secrets remotely over the network
with modest effort:
there are similar side channels (exploiting pipelining, L1/L2 cache
latency, and other CPU capabilities) against public key and symmetric
cipher implementations in software.
while not a dire threat this is something to consider in your threat
model and one reason i am a big fan of hardware cipher implementations
like VIA Padlock.
More information about the tor-talk