Steven M. Bellovin wrote:
Dan Bernstein has a new cache timing attack on AES:
http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
<skip>
A question: could this be exploited by evil employee Eve in site A,
whose corporation uses IP-Sec VPN tunneling between sites A and B, and
which can (somehow!) eavesdrop on the (encrypted) communication on the
Net but _not_ on the (plaintext) communication on the intranet, to
decipher the communication of a pair of honest employees, Alice in A and
Bob in B?
If so, what's the best defense?
--
Best regards,
Amir Herzberg
Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
New: see my Hall Of Shame of Unprotected Login pages:
http://AmirHerzberg.com/shame.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
