1024-bit RSA encryption cracked by carefully starving CPU of electricity

Viewing 5 reply threads
  • Author
    Posts
    • #4768
      UNIX
      Participant

      “Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device’s power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password.

      http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/

    • #29909
      zeroflaw
      Participant

      Man, how do they come up with stuff like that  ??? Very interesting.

    • #29910
      Ketchup
      Participant

      It’s actually pretty impressive.  104 hours to crack 1024 bit encryption is very significant. 

    • #29911
      hayabusa
      Participant

      @awesec wrote:

      “… By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password.

      Wow!  I don’t know about anyone else, but I NEVER would’ve even begun to think of something like that.  Amazing results, from amazing people.  For those that don’t know their history, U of M is also the originator of LDAP.  (Note, I’m an Ohio State Buckeye fan, so go Bucks!  But I’ve got to give credit, where credit is due…)

    • #29912
      former33t
      Participant

      Yeah, I can’t wait to see the full writeup on this.

      I’m surprised that DoD hasn’t stopped this from being presented.  In the US, you are required to submit research on number theory to DoD for pre-publication review (the original intent was to give them a heads up on a prime factorization flaw to avoid breaking public key crypto).  While some may argue, I think this falls squarely into number theory and personally, I don’t think it should be released until RSA has a chance to review the attack and fix the flaw (if that’s even possible).  I’m normally for information disclosure, but RSA is too fundamental to the economy IMHO.

    • #29913
      UNIX
      Participant

      @former33t wrote:

      In the US, you are required to submit research on number theory to DoD for pre-publication review (the original intent was to give them a heads up on a prime factorization flaw to avoid breaking public key crypto).

      Interesting, didn’t know that before. Looking forward to the full paper as well.

Viewing 5 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?