AES (Cryptography)
Does anyone know if D.J. Bernstein's recently discovered timing vulnerability in AES encryption affects the Java (1.4) implementation?
The vulnerability (at first, naive glance) seems to arise from speed optimisations in all fast implementations, for example, in C (causing some computations to be faster than others and therefore giving clues to the AES key by how long some texts take to process compared to others) but I wonder if Java, being slow and garbage collected, is less vulnerable than a "good" cryptography platform? If you need 200 million samples to break a key I don't think my beast of a Java program has much to worry about.
The vulnerability (at first, naive glance) seems to arise from speed optimisations in all fast implementations, for example, in C (causing some computations to be faster than others and therefore giving clues to the AES key by how long some texts take to process compared to others) but I wonder if Java, being slow and garbage collected, is less vulnerable than a "good" cryptography platform? If you need 200 million samples to break a key I don't think my beast of a Java program has much to worry about.
