Truly, nothing is safe
Posted: Thu, 19 December 2013 | permalink | 1 Comment
Quoted from a recent Debian Security Advisory:
Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts.
Side channel attacks are the ones that terrify me the most. You can cryptanalyse the algorithm and audit the implementation as much as you like, and then still disclose key material because your computer makes noise.
On my desktop PC (generic MSI motherboard), when my CPU is in use, it makes audible interference on the headphone audio jack.
Even trivial things like whether the terminal I’m dragging around the screen has background transparency enabled drastically affects the nature of the noise.
I have no doubt there are some privacy implications there.
On a related note, have you seen the Torturing OpenSSL talk, where the input voltage was adjusted to induce computational errors, which in turn allowed the private key to be revealed?
Post a comment
All comments are held for moderation; markdown formatting accepted.