Truly, nothing is safe

Posted: Thu, 19 December 2013 | permalink | 1 Comment

Quoted from a recent Debian Security Advisory:

Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts.

Side channel attacks are the ones that terrify me the most. You can cryptanalyse the algorithm and audit the implementation as much as you like, and then still disclose key material because your computer makes noise.

1 Comment

From: Jeremy
2013-12-19 18:16

On my desktop PC (generic MSI motherboard), when my CPU is in use, it makes audible interference on the headphone audio jack.

Even trivial things like whether the terminal I’m dragging around the screen has background transparency enabled drastically affects the nature of the noise.

I have no doubt there are some privacy implications there.

On a related note, have you seen the Torturing OpenSSL talk, where the input voltage was adjusted to induce computational errors, which in turn allowed the private key to be revealed?

Post a comment

All comments are held for moderation; markdown formatting accepted.

This is a honeypot form. Do not use this form unless you want to get your IP address blacklisted. Use the second form below for comments.
Name: (required)
E-mail: (required, not published)
Website: (optional)
Name: (required)
E-mail: (required, not published)
Website: (optional)
 
« So you think your test suite is comprehensive?
I am officially smarter than the Internet »