
security-services message



Subject: Re: [security-services] Minutes for SSTC Telecon (18 Oct 2011)


On 10/24/11 3:56 AM, "Massimiliano Masi"
<massimiliano.masi@tiani-spirit.com> wrote:

>>Unfortunately it's not just error messages (that's easy to prevent), it's
>> also a timing attack.
>> 
>
>Yes, that's true. But these attacks are really hard to prevent, AFAIK.

That doesn't make them any less relevant.

> 
>Most of the attacks on crypto systems based on oracles are suffering
>from timing problems. Do you think that the paper from Bochum is
>suggesting timing attacks of another kind?

No, but there are workarounds that prevent this specific problem that SAML
can encourage.

-- Scott


