18 Mar
2003
18 Mar
'03
5:23 a.m.
This is a new attack, not the one Schneier was talking about. It's very elegant work -- they actually implemented an attack that can recover the long-term private key. The only caveat is that their attack currently works on LANs, not WANs, because they need more precise timing than is generally feasible over the Internet.
Hmmm... This means that it is safer for senior managers in a company to communicate using private ADSL Internet connections to their desktops rather than using a corporate LAN. Very interesting. Could IP Centrex be the wave of the future? Will ISPs offer random jitter insertion guarantees on such a service to foil people using timing attacks? --Michael Dillon