On Tue, 2013-12-24 at 00:23 -0500, Greg Freemyer wrote:
Beyond belief:
http://www.forbes.com/sites/timworstall/2013/12/21/researchers-break-rsa-409...
4096 bit encryption key broken by "listening" to a computer decrypt known emails.
I haven't read the paper about it yet.
Greg
Hi Greg, Just skimmed through the paper.... As the subject is more-or-less the mere existance of my daily job, the title itself cause some instant grey hairs :-) My first reaction: Even if (!) it does not fall into the category of urban legends, then still - they had access to the machine that holds the private key - That machine should not be doing anything else - they had the willing help of a person knowing how to unlock the private key. - nearly unlimited, unhindered access for replaying With these factors they did a differential audio analysis. As a proper counter measure i would suggest to use a number of machines side-by-side, and a device playing sexpistols "God-save-the-queen" (or louder) In their paper they also talk about differential voltage analysis, a more likelier method of crypto attack than the use of audio. I presume if you see people doing such study on your machine, you should wonder. Bottom line: Don't give "others" access to your machines. And _that_ is a complete new idea in security-land. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org