|
|
|
|
|
|
by tptacek
5122 days ago
|
|
|
It's very difficult, but possible. It's a plausible enough threat, especially if you're cloud hosted now or ever might be, that you should take steps to avoid it. Jitter and confounding are problems that can be addressed simply by repeated measurements. The rule-of-thumb from Crosby & Wallach's paper on remote timing attacks is, assume tens-to-hundreds of nanoseconds precision if you can colocate the attacker at the same provider, and tens of microseconds if you have to do it over the Internet. |
|
|