undefined | Better HN

0 pointsmarcosdumay8y ago0 comments

ChaCha20 does not survive tempest attacks like this one. No algorithm does.

This attack is reading data directly from the bus between RAM and the CPU. You can not make an algorithm that survives that.

0 comments

JoachimSchipper8y ago

To clarify: in one of the attacks discussed we mostly picked up a signal from the address lines - that is, we exploited the fact that AES' RAM access patterns correlate with the key.

ChaCha20 is sufficiently constant-everything (which includes not having any key-dependent RAM access patterns) that we'd probably need to pick up the data (not just address) lines. That turns out to be (mildly?) harder in this particular combination of attack target and measurement setup.

We do make appliances designed to survive (or at least strongly resist) such attacks, but admittedly we don't rely on naive software AES implementations operating on external RAM. ;-)

j / k navigate · click thread line to collapse

0 pointsmarcosdumay8y ago0 comments

ChaCha20 does not survive tempest attacks like this one. No algorithm does.

This attack is reading data directly from the bus between RAM and the CPU. You can not make an algorithm that survives that.

0 comments

JoachimSchipper8y ago

To clarify: in one of the attacks discussed we mostly picked up a signal from the address lines - that is, we exploited the fact that AES' RAM access patterns correlate with the key.

We do make appliances designed to survive (or at least strongly resist) such attacks, but admittedly we don't rely on naive software AES implementations operating on external RAM. ;-)

j / k navigate · click thread line to collapse