The Ethical Hacker Network - 1024-bit RSA encryption cracked by carefully starving CPU of electricity

UNIX

Hero Member

Offline

Posts: 1235

1024-bit RSA encryption cracked by carefully starving CPU of electricity

« on: March 09, 2010, 02:29:31 AM »

Quote

"Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password.

http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/


	Logged

zeroflaw

Full Member

Offline

Posts: 208

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

« Reply #1 on: March 09, 2010, 05:57:34 AM »

Man, how do they come up with stuff like that Huh

Very interesting.


	Logged

Ketchup

Hero Member

Offline

Posts: 1021

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

« Reply #2 on: March 09, 2010, 07:05:25 AM »

It's actually pretty impressive. 104 hours to crack 1024 bit encryption is very significant.


	Logged

~~~~~~~~~~~~~~
Ketchup

hayabusa

Hero Member

Offline

Posts: 1633

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

« Reply #3 on: March 09, 2010, 07:42:40 AM »

Quote from: awesec on March 09, 2010, 02:29:31 AM

Quote

"... By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password.

Wow! I don't know about anyone else, but I NEVER would've even begun to think of something like that. Amazing results, from amazing people. For those that don't know their history, U of M is also the originator of LDAP. (Note, I'm an Ohio State Buckeye fan, so go Bucks! But I've got to give credit, where credit is due...)


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH

former33t

Full Member

Offline

Posts: 226

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

« Reply #4 on: March 09, 2010, 05:27:36 PM »

Yeah, I can't wait to see the full writeup on this.

I'm surprised that DoD hasn't stopped this from being presented. In the US, you are required to submit research on number theory to DoD for pre-publication review (the original intent was to give them a heads up on a prime factorization flaw to avoid breaking public key crypto). While some may argue, I think this falls squarely into number theory and personally, I don't think it should be released until RSA has a chance to review the attack and fix the flaw (if that's even possible). I'm normally for information disclosure, but RSA is too fundamental to the economy IMHO.


	Logged

Certifications: CREA, MCSE: Security, CCNA, Security+, other junk

UNIX

Hero Member

Offline

Posts: 1235

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

« Reply #5 on: March 09, 2010, 11:53:18 PM »

Quote from: former33t on March 09, 2010, 05:27:36 PM

In the US, you are required to submit research on number theory to DoD for pre-publication review (the original intent was to give them a heads up on a prime factorization flaw to avoid breaking public key crypto).

Interesting, didn't know that before. Looking forward to the full paper as well.


	Logged

Pages: [1] Go Up

« previous next »