|
|
|
|
|
|
by gautamb0
3079 days ago
|
|
|
[I had to go back and reread it a couple of times...naturally :)] I guess part of what bothered me is what makes it well written; there is so much of the discussion spent on background, which felt like stating the obvious to me. It wasn't clear to me how specific the conditions needed to be for the attack. They use GnuPG as an example, and ostensibly rely on knowing the algorithms that the decryption and encryption functions beforehand. With knowledge of the implementation, they're able to trace execution, and subsequently infer each bit of the victim data that they want to probe. They also need to know the victim's cache characteristics; hierarchy and timing. It's a far cry from arbitrarily reading memory on an arbitrary victim. |
|
|