--- layout: fc_discuss_archives title: Message 57 from Frama-C-discuss on December 2011 ---
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Frama-c-discuss] how to abstract the loop



On Thu, Dec 29, 2011 at 10:46 AM, Pascal Cuoq <pascal.cuoq at gmail.com> wrote:

> With only a little bit of additional work, the value analysis would also
> tell you that beyond the information flow shown above, AES is susceptible
> to cache-timing attacks (
> http://cr.yp.to/antiforgery/cachetiming-20050414.pdf ). And it would
> verify that Skein-256 is not. This kind of verification was put together
> with researchers and students at University of Minho, and it's currently
> not documented
>

It's documented now, at
http://blog.frama-c.com/index.php?post/2011/12/31/Do-not-use-AES-in-a-context-where-timing-attacks-are-possible

Pascal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gforge.inria.fr/pipermail/frama-c-discuss/attachments/20111231/fa0a9c03/attachment.htm>