The Call of the Open Sidewalk

From a place slightly to the side of the more popular path


pgpfan:oracle

Differences

This shows you the differences between two versions of the page.

pgpfan:oracle [2020/06/12 19:41] – created b.walzer
pgpfan:oracle [2022/09/25 12:03] – Clearer. b.walzer
Line 1: Line 1:
-======Oracle Attack Immunity======+ ======Oracle Attack Immunity======
  
 An [[https://www.drdobbs.com/understanding-oracle-attacks-on-informat/184405917|oracle attack]] is a powerful technique used to discover information about the internal state of some system. The system is tested in some way, usually repetitively, and the response is analyzed. An [[https://www.drdobbs.com/understanding-oracle-attacks-on-informat/184405917|oracle attack]] is a powerful technique used to discover information about the internal state of some system. The system is tested in some way, usually repetitively, and the response is analyzed.
  
-My single point here is that when PGP is used in a unidirectional application like email, oracle attacks are impossible simply because there is no response available. I suppose in theory  the attacker could try to get the recipient to manually send back the error messages, but that is quite unlikely to have good outcome.+My single point here is that when PGP is used in a unidirectional application like email, oracle attacks are impossible simply because there is no response available. I suppose in theory  the attacker could try to get the recipient to manually send back the error messages, but that would only cause the sort of confusion that would not advance anything. A successful attack that depended on the actions of the users would involve [[wp>Social_engineering_(security)|social engineering]] at high enough level to make messing around with the cryptography unnecessary. The desired information could be obtained directly from the users.
  
 This immunity to oracle attacks comes from the simplicity of PGP. There are no low level automated subsystems to interact with. You are always interacting with a person. This immunity to oracle attacks comes from the simplicity of PGP. There are no low level automated subsystems to interact with. You are always interacting with a person.
  
-[[pgpfan:index|PGP FAN index]]+This might seem to be a trivial observation and that I am giving PGP credit for something intrinsic to the application but this is a common source of confusion. It is often incorrectly assumed that oracle attacks applicable to online, connection oriented media are also relevant for the offline, non-connection oriented media where PGP is used. 
 + 
 +[[pgpfan:index|PGP FAN index]]\\ 
 +[[em:index|Encrypted Messaging index]]\\ 
 +[[:start|Home]]
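
Review bot: The added closing paragraph widens the claim from "a unidirectional application like email" (second paragraph) to "the offline, non-connection oriented media where PGP is used", while the argument rests on the condition given in the third paragraph, that there are "no low level automated subsystems to interact with". Suggest stating that condition at the point where immunity is claimed, for example "oracle attacks are impossible as long as nothing automated responds to the sender", so the scope reads the same in all three places. Two wording points in the added text: "at high enough level" should be "at a high enough level", and "This might seem to be a trivial observation and that I am giving PGP credit for something intrinsic to the application but this is" reads better split as "This might seem a trivial observation, and it might seem that I am giving PGP credit for something intrinsic to the application, but this is". The double space in "in theory  the attacker" is carried over from the old revision and could be fixed in the same edit.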
  
pgpfan/oracle.txt · Last modified: 2022/11/07 21:35 by b.walzer