[EMAIL PROTECTED] wrote:
* That which was not recorded did not happen.
* That which is not documented does not exist.
* That which has not been audited is vulnerable.
and he did not mean this in the paths to invisibility
sense but rather that you have liability unless
On 7/11/06, Hal Finney [EMAIL PROTECTED] wrote:
: So what went wrong? Answer: NIST failed to recognize that table lookups
: do not take constant time. âTable lookup: not vulnerable to timing
: attacks, NIST stated in [19, Section 3.6.2]. NIST's statement was,
: and is, incorrect.
That's
I'm still fleshing it out, but I've gathered a bunch of links/papers
on side-channel attacks:
http://www.lightconsulting.com/~travis/side_channel_attacks.html
Suggestions welcome.
--
Resolve is what distinguishes a person who has failed from a failure.
Unix guru for sale or rent -
Sorry, noticed the subject line was misleading.
It contains every side channel attack I could find, including but not
limited to timing.
--
Resolve is what distinguishes a person who has failed from a failure.
Unix guru for sale or rent - http://www.lightconsulting.com/~travis/ --
GPG
From: Anne Lynn Wheeler [EMAIL PROTECTED]
Sent: Jul 11, 2006 6:45 PM
Subject: Re: Interesting bit of a quote
...
my slightly different perspective is that audits in the past have
somewhat been looking for inconsistencies from independent sources. this
worked in the days of paper books from
On Thu, 13 Jul 2006, John Kelsey wrote:
| From: Anne Lynn Wheeler [EMAIL PROTECTED]
| ...
| my slightly different perspective is that audits in the past have
| somewhat been looking for inconsistencies from independent sources. this
| worked in the days of paper books from multiple different
John Kelsey wrote:
It's interesting to me that this same kind of issue comes up in voting
security, where computerized counting of hand-marked paper ballots (or
punched cards) has been and is being replaced with much more
user-friendly DREs, where paper poll books are being replaced with