
Cracking RSA encryption via Powersupply


  • Cracking RSA encryption via Powersupply

    http://www.infosecurity-us.com/view/...-power-supply/

    Using this technique, they were able to expose four bits of the key at a time, and assemble the entire 1024-bit key in 104 hours using a cluster of 81 2.4-GHz Pentium 4 computers.
    Ok, I'm all for fixing security problems, but to me, this doesn't really seem like a problem. From what I understand, they'd need physical access to the device, in its running state while it's processing the information that you want to decrypt. So chances are, you'd want to be doing this secretly.

    I think it would be pretty difficult to sneak inside a building for 104 hours with 4 or 5 full racks of 2.4GHz machines and pull this off. It's great to see that OpenSSL is going to fix the problem, and kudos to the guys that figured it out, but is it something that could have been exploited in the wild?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  • #2
    Re: Cracking RSA encryption via Powersupply

    I might be a little biased on the subject but I had some opinions to offer.

    Originally posted by streaker69
    Ok, I'm all for fixing security problems, but to me, this doesn't really seem like a problem. From what I understand, they'd need physical access to the device, in its running state while it's processing the information that you want to decrypt. So chances are, you'd want to be doing this secretly.
    While I see your point on the matter, I do have to disagree with you. The attack may not seem like the most feasible; however, I believe it could be performed remotely. Depending on what sort of BIOS/ACPI setup you have, I propose that this attack would be possible remotely by controlling them in software and using them to induce the faults. Furthermore this type of vulnerability would only become more severe due to some sort of flaw in the hardware that could be exploited. As time progresses it will become increasingly more important to realize that one cannot assume that their hardware is secure and needs to consider attacks such as these as possible if not plausible.

    Originally posted by streaker69
    I think it would be pretty difficult to sneak inside a building for 104 hours with 4 or 5 full racks of 2.4GHz machines and pull this off.
    Would they really need to bring the servers in? It seems like something that could be pushed to a remote location with distributed services.

    Originally posted by streaker69
    It's great to see that OpenSSL is going to fix the problem, and kudos to the guys that figured it out, but is it something that could have been exploited in the wild?
    Even if it is something which would be difficult to exploit in the wild - the point is that it still existed. Maybe it's just academic now but what happens in 5 years when all of this starts to become child's play? In my opinion, I feel that it's a good thing that people are looking in this area because as time progresses, I see this becoming an increasingly more significant threat. Right now flaws are being found by taking advantage of faults that exist as a byproduct of design/production. What happens however when someone starts designing the flaws into the system - this is what scares me. Okay, enough drum beating from me.
    afterburn
