EH-Net

Ethical Hacking Discussions and Related Certifications => Malware => Topic started by: UNIX on March 09, 2010, 02:29:31 AM



Title: 1024-bit RSA encryption cracked by carefully starving CPU of electricity
Post by: UNIX on March 09, 2010, 02:29:31 AM
Quote
"Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password."

http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/


Title: Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity
Post by: zeroflaw on March 09, 2010, 05:57:34 AM
Man, how do they come up with stuff like that??? Very interesting.


Title: Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity
Post by: Ketchup on March 09, 2010, 07:05:25 AM
It's actually pretty impressive. 104 hours to crack 1024-bit encryption is very significant.


Title: Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity
Post by: hayabusa on March 09, 2010, 07:42:40 AM
Quote
"... By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password."

Wow! I don't know about anyone else, but I NEVER would've even begun to think of something like that. Amazing results, from amazing people. For those that don't know their history, U of M is also the originator of LDAP. (Note, I'm an Ohio State Buckeye fan, so go Bucks! But I've got to give credit where credit is due...)


Title: Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity
Post by: former33t on March 09, 2010, 05:27:36 PM
Yeah, I can't wait to see the full writeup on this.

I'm surprised that DoD hasn't stopped this from being presented.  In the US, you are required to submit research on number theory to DoD for pre-publication review (the original intent was to give them a heads up on a prime factorization flaw to avoid breaking public key crypto).  While some may argue, I think this falls squarely into number theory and personally, I don't think it should be released until RSA has a chance to review the attack and fix the flaw (if that's even possible).  I'm normally for information disclosure, but RSA is too fundamental to the economy IMHO.


Title: Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity
Post by: UNIX on March 09, 2010, 11:53:18 PM
Quote
"In the US, you are required to submit research on number theory to DoD for pre-publication review (the original intent was to give them a heads up on a prime factorization flaw to avoid breaking public key crypto)."

Interesting, didn't know that before. Looking forward to the full paper as well.