On Mon, Dec 16, 2013 at 01:43:59AM -0500, Theodore Ts'o wrote: > I understand that; and as I wrote in my last e-mail, I think that is a > substantially harder attack than the currently published cache timing > attacks, which are known plaintext attacks --- that is the attacker > doesn't know the key, but can choose the plaintext, and view the > resulting ciphertext.
s/known plaintext attacks/chosen plaintext attacks/ > > In this case, the attacker doen't know the key *and* the plaintext; it > can view its own attempt to read from /dev/random, but from that, it > needs to be able to figure out the the key and the plaintext (i.e., > the entropy pool) in order to be able to predict someone else's output > of /dev/random. > > If you think this is easier than the currently published cache timing > attacks, please provide details why you think this is the case, > preferably in the form of a demonstration.... > > - Ted > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
