You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Keyczar Discuss
Hello guys i am a student of computer science i am doing timing attack for my final year project. but i have tried to attack keyczar(old version).
it doesnt seems to have any timing difference but i've check the source code that contains cache leak. I have use HMAC_SHA1 key purpose SIGN_AND_VERIFY and I called signer class but I am not sure if the signer class will call the verify function from the hmackey class.
Steve Weis
unread,
Feb 6, 2017, 10:46:26 AM2/6/17
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
You mentioned a "cache leak". I don't know of publicly reported cache side-channel attacks specific to Keyczar. I would not be surprised to find cache side-channels in OpenSSL or the JCE, which is relies upon.