On Wed, 18 Sep 2019 at 02:19, Paul Koning via cctalk <cctalk@classiccmp.org> wrote: > > ... > Speaking of timing, that reminds me of two amazing security holes written up > in the past few years. Nothing to do with the Spectre etc. issue. > > One is the recovery of speech from an encrypted VoIP channel such as Skype, > by looking at the sizes of the encrypted data blocks. (Look for a paper > named "Hookt on fon-iks" by White et al.) The fix for this is message > padding. > > The other is the recovery of the RSA private key in a smartphone by listening > to the sound it makes while decrypting. The fix for this is timing tweaks in > the decryption inner loop. (Look for a paper by, among others, Adi Shamir, > the S in RSA and one of the world's top cryptographers.) > > It's pretty amazing what ways people find to break into security mechanisms.
... Wow. *Wow.* Thanks for those! -- Liam Proven - Profile: https://about.me/liamproven Email: lpro...@cix.co.uk - Google Mail/Hangouts/Plus: lpro...@gmail.com Twitter/Facebook/Flickr: lproven - Skype/LinkedIn: liamproven UK: +44 7939-087884 - ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053
