Three Questions for Billy Brumley on the OpenSSL Timing Attack
Timing attacks have been a problem for designers of cryptosystems–as well as for people implementing those systems–for a long time. They’ve plagued just about every popular system, and although practical attacks have been demonstrated many times, the problem and what can be done to defend against it are well understood. As a result, researchers have for the most part focused their efforts on other side-channel attacks on cryptosystems of late. However, a new paper by a pair of researchers at a Finnish university shows that timing attacks still can be used to completely compromise some cryptosystems.