⚡ Breaking "Perfect" Security with Timing Attacks - grhkm

Just because a computer system is cryptographically secure, doesn't mean we can't break it in other ways. This talk introduces and explores timing attacks and more generally side-channel attacks, on real world examples. While usually easy to fix, they can be subtle to spot, and lead to critical vulnerabilities if not properly considered when writing secure code.

Talk by grhkm ( https://grhkm21.github.io/ )

Links:
https://nvd.nist.gov/vuln/detail/CVE-...
https://mystiz.hk/posts/2021/2021-11-...
https://www.usenix.org/conference/use...

00:00 - Introduction
00:43 - "Perfect" Code
02:38 - First Timing Attack
03:56 - Case Study: Symfony
06:50 - Case Study: RSA
09:28 - Timeless Timing Attacks
12:21 - Conclusion