.

1024-bit RSA encryption cracked by carefully starving CPU of electricity

<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Mar 09, 2010 3:29 am

1024-bit RSA encryption cracked by carefully starving CPU of electricity

"Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password.


http://www.engadget.com/2010/03/09/1024 ... pu-of-ele/
<<

zeroflaw

User avatar

Full Member
Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

Post Tue Mar 09, 2010 6:57 am

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

Man, how do they come up with stuff like that  ??? Very interesting.
ZF
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Mar 09, 2010 8:05 am

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

It's actually pretty impressive.  104 hours to crack 1024 bit encryption is very significant. 
~~~~~~~~~~~~~~
Ketchup
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Mar 09, 2010 8:42 am

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

awesec wrote:
"... By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password.



Wow!  I don't know about anyone else, but I NEVER would've even begun to think of something like that.  Amazing results, from amazing people.  For those that don't know their history, U of M is also the originator of LDAP.  (Note, I'm an Ohio State Buckeye fan, so go Bucks!  But I've got to give credit, where credit is due...)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Tue Mar 09, 2010 6:27 pm

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

Yeah, I can't wait to see the full writeup on this.

I'm surprised that DoD hasn't stopped this from being presented.  In the US, you are required to submit research on number theory to DoD for pre-publication review (the original intent was to give them a heads up on a prime factorization flaw to avoid breaking public key crypto).  While some may argue, I think this falls squarely into number theory and personally, I don't think it should be released until RSA has a chance to review the attack and fix the flaw (if that's even possible).  I'm normally for information disclosure, but RSA is too fundamental to the economy IMHO.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Mar 10, 2010 12:53 am

Re: 1024-bit RSA encryption cracked by carefully starving CPU of electricity

former33t wrote:In the US, you are required to submit research on number theory to DoD for pre-publication review (the original intent was to give them a heads up on a prime factorization flaw to avoid breaking public key crypto).


Interesting, didn't know that before. Looking forward to the full paper as well.

Return to Malware

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software