Comments on: Preventing RSA cache timing attacks http://rdist.root.org/2008/02/28/preventing-rsa-cache-timing-attacks/ Embedded security, crypto, software protection Mon, 06 Feb 2012 20:16:28 +0000 hourly 1 http://wordpress.com/ By: Nate Lawson http://rdist.root.org/2008/02/28/preventing-rsa-cache-timing-attacks/comment-page-1/#comment-4559 Sun, 13 Apr 2008 02:39:57 +0000 http://rdist.root.org/?p=116#comment-4559 There are a number of scenarios where local timing attacks are useful, although for general-purpose computers, I agree they still aren’t nearly as valuable as remote timing attacks.

- Shared environments on the same hardware: hosted software, VMware debugging potentially malicious code, downloaded code (Javascript, Java in browser, Flash)

- Privilege escalation (user -> kernel)

- Hardware crypto in embedded devices where you already can run software (e.g., iPhone)

]]> By: ignorant http://rdist.root.org/2008/02/28/preventing-rsa-cache-timing-attacks/comment-page-1/#comment-4557 Sat, 12 Apr 2008 20:18:38 +0000 http://rdist.root.org/?p=116#comment-4557 Somehow I don’t see (or understand) why these (local) side channel attacks are interesting? If you can run a program on the same computer as, say, the SSL web server then there should be easier ways of determining the secret/private key (like reading process memory, …)?

]]>