[opensuse] Fwd: [DFIR] Researchers Break RSA 4096 Encryption With Just A Microphone And A Couple Of Emails - Forbes
Beyond belief: http://www.forbes.com/sites/timworstall/2013/12/21/researchers-break-rsa-409... 4096 bit encryption key broken by "listening" to a computer decrypt known emails. I haven't read the paper about it yet. Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 24/12/13 16:23, Greg Freemyer wrote:
Beyond belief:
http://www.forbes.com/sites/timworstall/2013/12/21/researchers-break-rsa-409...
4096 bit encryption key broken by "listening" to a computer decrypt known emails.
I haven't read the paper about it yet.
Greg Those Israelis are very clever doncha know. The NSA has nutin' on Mossad......
(This story has been around for at least 2 days now...... http://www.dailymail.co.uk/sciencetech/article-2527166/Hackers-steal-persona... ) BC -- Using openSUSE 13.1, KDE 4.12.0 & kernel 3.12.5-2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX660 OC 2GB DDR5 GPU -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, 2013-12-24 at 00:23 -0500, Greg Freemyer wrote:
Beyond belief:
http://www.forbes.com/sites/timworstall/2013/12/21/researchers-break-rsa-409...
4096 bit encryption key broken by "listening" to a computer decrypt known emails.
I haven't read the paper about it yet.
Greg
Hi Greg, Just skimmed through the paper.... As the subject is more-or-less the mere existance of my daily job, the title itself cause some instant grey hairs :-) My first reaction: Even if (!) it does not fall into the category of urban legends, then still - they had access to the machine that holds the private key - That machine should not be doing anything else - they had the willing help of a person knowing how to unlock the private key. - nearly unlimited, unhindered access for replaying With these factors they did a differential audio analysis. As a proper counter measure i would suggest to use a number of machines side-by-side, and a device playing sexpistols "God-save-the-queen" (or louder) In their paper they also talk about differential voltage analysis, a more likelier method of crypto attack than the use of audio. I presume if you see people doing such study on your machine, you should wonder. Bottom line: Don't give "others" access to your machines. And _that_ is a complete new idea in security-land. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hans, et al -- ...and then Hans Witvliet said... % % On Tue, 2013-12-24 at 00:23 -0500, Greg Freemyer wrote: % > Beyond belief: % > % > http://www.forbes.com/sites/timworstall/2013/12/21/researchers-break-rsa-409... [snip] Indeed. Check out https://schneier.com/blog/archives/2013/12/acoustic_crypta.html as well. Merry Christmas :-D -- David T-G See http://justpickone.org/davidtg/email/ See http://justpickone.org/davidtg/tofu.txt
Greg Freemyer wrote:
Beyond belief:
http://www.forbes.com/sites/timworstall/2013/12/21/researchers-break-rsa-409...
4096 bit encryption key broken by "listening" to a computer decrypt known emails.
I haven't read the paper about it yet.
Greg
I think it's a hoax, to make us give up on trying to protect anything with encryption. The article is basically making the case that we can get distinquishable (from each other) sounds made by the heatin and cooling of individual register bits and other digital logic within the CPU and other chips. I find that beyond credibility considering the other noise in the environment -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/24/2013 11:58 AM, Dirk Gently wrote:
Greg Freemyer wrote:
Beyond belief:
http://www.forbes.com/sites/timworstall/2013/12/21/researchers-break-rsa-409...
4096 bit encryption key broken by "listening" to a computer decrypt known emails.
I haven't read the paper about it yet.
Greg
I think it's a hoax, to make us give up on trying to protect anything with encryption.
The article is basically making the case that we can get distinquishable (from each other) sounds made by the heatin and cooling of individual register bits and other digital logic within the CPU and other chips.
I find that beyond credibility considering the other noise in the environment
Well, download the entire paper http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf and see if you still think its a hoax. The point is, like many of these things, it works only in the Lab, and in a typical office with more than one computer, you could never pull it off. You have to know exactly when the computer is opening the specific email, (the contents of which are known to you). If a different computer is used, you have to start all over. If the computer is reading the web, or doing any other work, you are also screwed. And of course you need to convince your victim to sit quietly and open encrypted emails after you drape equipment all over the office. Far more worrisome is the far-end-cable attack mentioned in Appendix B. On a large corporate network, anyone with access to the patch-panel might be able to pull off such an attack. Real world: No. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 25/12/13 07:48, John Andersen wrote:
On 12/24/2013 11:58 AM, Dirk Gently wrote:
Greg Freemyer wrote:
Beyond belief:
http://www.forbes.com/sites/timworstall/2013/12/21/researchers-break-rsa-409...
4096 bit encryption key broken by "listening" to a computer decrypt known emails.
I haven't read the paper about it yet.
Greg
I think it's a hoax, to make us give up on trying to protect anything with encryption.
The article is basically making the case that we can get distinquishable (from each other) sounds made by the heatin and cooling of individual register bits and other digital logic within the CPU and other chips.
I find that beyond credibility considering the other noise in the environment Well, download the entire paper http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf and see if you still think its a hoax.
The point is, like many of these things, it works only in the Lab, and in a typical office with more than one computer, you could never pull it off. You have to know exactly when the computer is opening the specific email, (the contents of which are known to you). If a different computer is used, you have to start all over. If the computer is reading the web, or doing any other work, you are also screwed. And of course you need to convince your victim to sit quietly and open encrypted emails after you drape equipment all over the office.
Far more worrisome is the far-end-cable attack mentioned in Appendix B. On a large corporate network, anyone with access to the patch-panel might be able to pull off such an attack.
Real world: No.
The conclusidng words reminded me of the famous words uttered by our own very special Bill Gates, "64K is enough for anybody." :-) . Not to mention those immortal words uttered, "If God wanted us to fly He would have given us wings!". BC -- Using openSUSE 13.1, KDE 4.12.0 & kernel 3.12.5-2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX660 OC 2GB DDR5 GPU -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (6)
-
Basil Chupin -
David T-G -
Dirk Gently -
Greg Freemyer -
Hans Witvliet -
John Andersen