back to article Crypto protocols held back by legacy, says ENISA

The EU Agency for Network Information and Security (ENISA) has updated its 2013 crypto guidelines, designed to help developers protect personal information in line with EU law, and has sternly told crypto designers they're doing it wrong, in two reports released late last week. At the protocol level, cryptography suffers from …

  1. Trevor_Pott Gold badge

    I don't understand. A major political body just released this information to the world? Doesn't that make them terrorists? At least according to the FBI, NSA, GCHQ, etc who believe that strong crypto is something that plebians should not have access to...

  2. Dr Trevor Marshall

    It is OK - they used long words

    No self-respecting pleb would understand any of that stuff...

  3. Nick Kew
    Big Brother

    Oh my ...

    [am I allowed to post here without being a Trevor?]

    Methinks those herrings in EU waters look rather reddish. Execution times? Power consumption? Isn't that pure background noise on an operational server? Or perfectly unmeasurable in an ATM machine?

    Suppose you could indeed infer key size. You still face the original number of bits in the headline security level. But ... oh, hang on, key size wasn't secret in the first place. Whoops!

    On the other hand, maybe your entropy generator itself might have a footprint. And maybe a modern-day Turing might have developed a database that could draw information from such a beastie ...

    1. Detective Emil
      Boffin

      Re: Oh my ...

      Changes in power consumption and execution time are indeed hard to discern on a server. However, they're trivial to measure on embedded systems such as smart cards and payment terminals. And that's before you expose the poor little chip to see microscopic hot spots, or where the electrons are lingering. (Although cryptographic chips incorporate countermeasures agains such attacks.) Even on servers, attacks are possible by doing unexpected things to the contents of the CPU's shared caches and so being able, for example, to make guesses the execution path of another process's code. The spirit of Bletchley Park is still alive.

      There's a dauntingly large amount of literature about this stuff …

    2. Brewster's Angle Grinder Silver badge

      Re: Oh my ...

      You've just demonstrated why regular devs should stay away from crypto.

      1. Anonymous Coward
        Pint

        Re: Oh my ...

        Shrug. That 800 MT gorilla waiting to s(h)it on everyone/everything in the IT world that side-channel (entropy reduction) attacks can used to infer other behaviours just as easily if not more in our cloudy/virtualised universe. It's extremely difficult to maintain security for our crypto-software, Requiring code that is eavesdropping-proof or runs sole-occupant on the hardware completely destroys the basis of expense saving of cloud. Note this well, any way that a secure system effects another system is an example of energy (even if negative) transfer between the two and represents a possible attack on that secure element. And wouldn't you know it, multiple tenancy is all about a secure element.

        Eventually this'll pop-up on the radar for security-bods. Should be interesting to see if the NSA is/was already using it. Waiting for a hit-team to show up for Thanksgiving dinner here ;-).

    3. Anonymous Coward
      Anonymous Coward

      Re: Oh my ...

      Check out Dan Boneh's work: http://crypto.stanford.edu/~dabo/pubs/pubs.html

  4. Anonymous Coward
    Anonymous Coward

    Schnorr?

    Report recommends Schnorr not ECDSA.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021