Food for Thought

I have decided to omit in-depth discussion of a few interesting concepts, but these may be a valuable inspiration for further explorations.

Remote Timing Attacks

In theory, it might be possible to deploy the PRNG timing attack over a network. Certain cryptography-enabled services implement symmetrical cryptography. After establishing a slower asymmetric stream using public key infrastructure and verifying both parties, a symmetrical session key is generated, and both endpoints switch to a faster symmetrical alternative.

It might be possible to time keystrokes by causing the application to exhaust an existing entropy pool in the system to the point that there is not enough entropy to seed a new session key, but only by a small fraction. ...

Get Silence on the Wire now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Silence on the Wire by Michal Zalewski

Food for Thought

Remote Timing Attacks

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly