allaboutsymbian
March 9th, 2010, 08:05
http://www.blogcdn.com/www.engadget.com/media/2010/03/3-8-10-rsahardwarefaultattackgraphic.jpg (http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf)
Since 1977, RSA public-key encryption (http://www.engadget.com/tag/encryption) has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan (http://www.engadget.com/tag/university+of+michigan) claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack (http://www.engadget.com/tag/hack/) 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your your server room's power supply.1024-bit RSA encryption cracked by carefully starving CPU of electricity (http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/) originally appeared on Engadget (http://www.engadget.com) on Tue, 09 Mar 2010 02:47:00 EST. Please see our terms for use of feeds (http://www.weblogsinc.com/feed-terms/).
Permalink (http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/) http://www.blogsmithmedia.com/www.engadget.com/media/post_label_VIA.gifThe Register (http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/), TechWorld (http://news.techworld.com/security/3214360/rsa-1024-bit-private-key-encryption-cracked/) | http://www.blogsmithmedia.com/www.engadget.com/media/post_label_source.gifUniversity of Michigan (http://www.ns.umich.edu/htdocs/releases/story.php?id=7551) | Email this (http://www.engadget.com/forward/19388881/) | Comments (http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/#comments)
More... (http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/)
Since 1977, RSA public-key encryption (http://www.engadget.com/tag/encryption) has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan (http://www.engadget.com/tag/university+of+michigan) claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack (http://www.engadget.com/tag/hack/) 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your your server room's power supply.1024-bit RSA encryption cracked by carefully starving CPU of electricity (http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/) originally appeared on Engadget (http://www.engadget.com) on Tue, 09 Mar 2010 02:47:00 EST. Please see our terms for use of feeds (http://www.weblogsinc.com/feed-terms/).
Permalink (http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/) http://www.blogsmithmedia.com/www.engadget.com/media/post_label_VIA.gifThe Register (http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/), TechWorld (http://news.techworld.com/security/3214360/rsa-1024-bit-private-key-encryption-cracked/) | http://www.blogsmithmedia.com/www.engadget.com/media/post_label_source.gifUniversity of Michigan (http://www.ns.umich.edu/htdocs/releases/story.php?id=7551) | Email this (http://www.engadget.com/forward/19388881/) | Comments (http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/#comments)
More... (http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/)