Limited Entropy Dot Com Not so random thoughts on security featured by Eloi Sanfèlix

1Jun/092

Timing attack in Google Keyczar library

Javi mailed it to me last week, and now I came across it again while reading my feeds. Nate Lawson found and described on his blog a timing (side channel) attack in Google Keyzcar library.

Take a look at his post, it's a typical problem found in string/array comparisons, and you should take it into account when programming embedded devices and any other security-related code in general.

PD: I said very soon, didn't I? :P

PDF    Send article as PDF   

Enjoy this article?

Consider subscribing to our rss feed!

Posted by Eloi Sanfèlix

Tagged as: , Leave a comment
Comments (2) Trackbacks (0)
  2. TuXeD
    June 2nd, 2009 - 14:58

    Je, estoy melon… se me olvido anyadir el link. Ahora edito la entrada xD

    Gracias Javi


Leave a comment

(required)

No trackbacks yet.

» «

Tag cloud

Android book bug CA ccc collision Crypto1 Cryptographic protocols Cryptography Crypto Series dnie evoting ext3 Fault injection forensics General hardware hash HTC Hero IDA md5 Mifare mifare classic personal PFC PKI Protocols Protocol Verification reto hacking reversing rootedcon RSA-CRT Security shmoocon 2008 smart cards SSL talks teleco TLS uninformed video videos wargame Windows Vista xbox360

Latest tweets

Interesting Posts

Shared Items

Recent Comments

Meta