This paper demonstrates complete AES key recovery from
known-plaintext timings of a network server on another computer. This
attack should be blamed on the AES design, not on the particular AES
library used by the server; it is extremely difficult to write constant-time
high-speed AES software for common general-purpose computers. This
paper discusses several of the obstacles in detail.
See also: Schneier's commentary