Comments on: Prediction or hindsight http://d-kriptik.com/blog/2005/12/22/prediction-or-hindsight/ Bridging the technology gap between techies and everyone else. Mon, 29 Mar 2010 23:39:43 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: D-kriptik Blog » Blog Archive » AACS stuff http://d-kriptik.com/blog/2005/12/22/prediction-or-hindsight/comment-page-1/#comment-34250 D-kriptik Blog » Blog Archive » AACS stuff Wed, 30 May 2007 20:16:16 +0000 http://d-kriptik.com/blog/?p=65#comment-34250 [...] discussion and something I commented on a while back when misinterpreting a prediction by Ptacek. Besides all the stories of side [...] [...] discussion and something I commented on a while back when misinterpreting a prediction by Ptacek. Besides all the stories of side [...]

]]> By: D-kriptik Blog » Blog Archive » Funded audits of open source http://d-kriptik.com/blog/2005/12/22/prediction-or-hindsight/comment-page-1/#comment-260 D-kriptik Blog » Blog Archive » Funded audits of open source Wed, 25 Jan 2006 06:49:44 +0000 http://d-kriptik.com/blog/?p=65#comment-260 [...] This will mean that the basic use of cryptography in certain portions of OpenSSL have been audited by a third party and found to meet a baseline set of security requirements as defined by NIST (FIPS 140-2). (No, common coding errors, timing attacks, etc. are not included in that audit, and, yes, this is a small view of the world the module may actually be used in.) Details on what has been taken through validation and the areas looked at can be found in the Security Policy for the OpenSSL module, and this document makes for quite an interesting read, especially with regards to the definition of the module and its integrity check, which shakes up prior interpretations a bit. [...] [...] This will mean that the basic use of cryptography in certain portions of OpenSSL have been audited by a third party and found to meet a baseline set of security requirements as defined by NIST (FIPS 140-2). (No, common coding errors, timing attacks, etc. are not included in that audit, and, yes, this is a small view of the world the module may actually be used in.) Details on what has been taken through validation and the areas looked at can be found in the Security Policy for the OpenSSL module, and this document makes for quite an interesting read, especially with regards to the definition of the module and its integrity check, which shakes up prior interpretations a bit. [...]

]]> By: D-Kriptik Support (Andrew Donofrio) http://d-kriptik.com/blog/2005/12/22/prediction-or-hindsight/comment-page-1/#comment-42 D-Kriptik Support (Andrew Donofrio) Fri, 23 Dec 2005 20:20:25 +0000 http://d-kriptik.com/blog/?p=65#comment-42 Ahh, I see your point now. Side channel attacks and their countermeasures became a popular, public research area starting in the 1990's and were spotlighted in the earlier part of this decade; however, these attacks certainly have not gotten into the public drivers seat for attacking the mass of general purpose hosts out there. From that perspective, I go in the opposite direct - I think side channel attacks will remain in the, well, trunk in 2006. The research will continue, demonstrations will happen on known tools, countermeasures will be developed, etc., but I just don't see these attacks going mainstream in your terms next year, as these attacks are just not yet as useful as others. Ahh, I see your point now. Side channel attacks and their countermeasures became a popular, public research area starting in the 1990’s and were spotlighted in the earlier part of this decade; however, these attacks certainly have not gotten into the public drivers seat for attacking the mass of general purpose hosts out there. From that perspective, I go in the opposite direct – I think side channel attacks will remain in the, well, trunk in 2006. The research will continue, demonstrations will happen on known tools, countermeasures will be developed, etc., but I just don’t see these attacks going mainstream in your terms next year, as these attacks are just not yet as useful as others.

]]> By: Thomas Ptacek http://d-kriptik.com/blog/2005/12/22/prediction-or-hindsight/comment-page-1/#comment-38 Thomas Ptacek Fri, 23 Dec 2005 17:28:00 +0000 http://d-kriptik.com/blog/?p=65#comment-38 Your points are well taken, but I think the underlying point I'm trying to make is, the number of real-world attacks on general-purpose hosts that have been carried out using side-channel attacks is zero. I expect that to change in 2006. Your points are well taken, but I think the underlying point I’m trying to make is, the number of real-world attacks on general-purpose hosts that have been carried out using side-channel attacks is zero.

I expect that to change in 2006.

]]>