RSA 1024-bit Private Key Encryption Cracked
Linked by Thom Holwerda on Mon 8th Mar 2010 19:04 UTC, submitted by gogothebee
Privacy, Security, Encryption "Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and ecommerce servers.RSA authentication is susceptible, they say, to changes in the voltage supply to a private key holder. The researchers - Andrea Pellegrini, Valeria Bertacco and Todd Austin - outline their findings in a paper titled "Fault-based attack of RSA authentication", to be presented 10 March at the Design, Automation and Test in Europe conference."
E-mail Print r 0   7 Comment(s) http://osne.ws/hq5
Order by: Score:
Add Comment Post a Comment
Somewhat misleading
by JoeBuck on Mon 8th Mar 2010 19:20 UTC
JoeBuck
Member since:
2006-01-11

This kind of attack doesn't break the algorithm, it exploits features of a physical implementation, meaning you need access the the hardware that implements the algorithm.

So these kinds of attacks mainly are a way to break DRM, they don't affect e-commerce security.

Reply Score: 7

RE: Somewhat misleading
by panzi on Mon 8th Mar 2010 20:27 UTC in reply to "Somewhat misleading"
panzi Member since:
2006-01-22

If an attacker has physical access to the hardware that implements the security, hasn't your security failed already?

Reply Score: 3

Same principle?
by Dr-ROX on Mon 8th Mar 2010 20:38 UTC
Dr-ROX
Member since:
2006-01-03

Is this the same principle to crack SSH in earlier post?

Reply Score: 2

RE: Same principle? SAME EXACT STORY
by poundsmack on Mon 8th Mar 2010 21:29 UTC in reply to "Same principle?"
poundsmack Member since:
2005-07-13

This is the same story that was reported on in this thread: http://www.osnews.com/comments/22964

This about sums it up: http://www.osnews.com/thread?412272

Reply Score: 2

So?
by hufman on Mon 8th Mar 2010 21:26 UTC
hufman
Member since:
2008-10-11

This made a huge splash on Slashdot, but I'm not sure what the big deal is. As I understand it, their attack involves widely varying the voltage supplying the CPU that is manipulating the private key. A sane person would realize that the key being used is in memory, and probably also in a physical storage medium attached to that memory, and would not need to burn out the CPU by overvolting it.

What am I missing from this? Or are we really exaggerating a piece of nothing?

Reply Score: 1

RE: So?
by mintar on Tue 9th Mar 2010 09:43 UTC in reply to "So?"
mintar Member since:
2008-09-26

A sane person would realize that the key being used is in memory, and probably also in a physical storage medium attached to that memory, and would not need to burn out the CPU by overvolting it.


In the case of embedded devices, such as smart cards, it might be more convenient to fiddle with the power supply than to try and get access to the memory. But yes, the impact of this "security flaw" is widely exaggerated. The average Slashdot reader probably only gets "RSA is broken", and that would be quite a story.

Reply Score: 1

The important question
by Soulbender on Tue 9th Mar 2010 09:44 UTC
Soulbender
Member since:
2005-08-18

What we all really want to know is, do you get a blowjob while breaking it?

Reply Score: 2

Add Comment Post a Comment