The Ethical Hacker Network - 1024-bit RSA encryption cracked by carefully starving CPU of electricity

Latest Additions

Who's Online

EH-Net News Feeds

Latest Additions

aweSEC

Hero Member

Offline

Posts: 1089

1024-bit RSA encryption cracked by carefully starving CPU of electricity

« on: March 09, 2010, 02:29:31 AM »

Quote

"Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password.

http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/


	Logged

zeroflaw

Full Member

Offline

Posts: 184

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

« Reply #1 on: March 09, 2010, 05:57:34 AM »

Man, how do they come up with stuff like that Huh

Very interesting.


	Logged

Ketchup

Hero Member

Offline

Posts: 1006

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

« Reply #2 on: March 09, 2010, 07:05:25 AM »

It's actually pretty impressive. 104 hours to crack 1024 bit encryption is very significant.


	Logged

~~~~~~~~~~~~~~
Ketchup

hayabusa

Hero Member

Offline

Posts: 1197

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

« Reply #3 on: March 09, 2010, 07:42:40 AM »

Quote from: awesec on March 09, 2010, 02:29:31 AM

Quote

"... By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password.

Wow! I don't know about anyone else, but I NEVER would've even begun to think of something like that. Amazing results, from amazing people. For those that don't know their history, U of M is also the originator of LDAP. (Note, I'm an Ohio State Buckeye fan, so go Bucks! But I've got to give credit, where credit is due...)


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCP , GPEN, C|EH

former33t

Full Member

Offline

Posts: 224

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

« Reply #4 on: March 09, 2010, 05:27:36 PM »

Yeah, I can't wait to see the full writeup on this.

I'm surprised that DoD hasn't stopped this from being presented. In the US, you are required to submit research on number theory to DoD for pre-publication review (the original intent was to give them a heads up on a prime factorization flaw to avoid breaking public key crypto). While some may argue, I think this falls squarely into number theory and personally, I don't think it should be released until RSA has a chance to review the attack and fix the flaw (if that's even possible). I'm normally for information disclosure, but RSA is too fundamental to the economy IMHO.


	Logged

Certifications: CREA, MCSE: Security, CCNA, Security+, other junk

aweSEC

Hero Member

Offline

Posts: 1089

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

« Reply #5 on: March 09, 2010, 11:53:18 PM »

Quote from: former33t on March 09, 2010, 05:27:36 PM

In the US, you are required to submit research on number theory to DoD for pre-publication review (the original intent was to give them a heads up on a prime factorization flaw to avoid breaking public key crypto).

Interesting, didn't know that before. Looking forward to the full paper as well.


	Logged

Pages: [1] Go Up

« previous next »

SANS Deals 4 EH-Netters

$150 OFF Any SANS Course in Any Format!
Coupon Code: Refer_EHN
Including SANS Phoenix 2012, SANS 2012

Recent Forum Topics