Posted on 03/09/2010 7:05:31 AM PST by dangerdoc
Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your server room's power supply.
!
bttt
Increase the PHYSICAL security of the DataCenter
Of course this requires physical access, but still...
I didn’t know pedophile news was pushed here
Huh?!?!?
“Increase the PHYSICAL security of the DataCenter”
yes.... and no.
You’d also need to unplug from the outside world to prevent encrypted files being copied and cracked offsite. Unplugging from the outside world kind of defeats the purpose of having a datacenter in the first place.
Believe me, physical security is patchwork for our world’s datacenters. As a DC engineer, I can personally attest to the need for physical security in a DC.
I wonder if they have basically invented a non-deterministic Finite State Machine?
http://en.wikipedia.org/wiki/Nondeterministic_finite_state_machine
http://en.wikipedia.org/wiki/Deterministic_finite-state_machine
WTF?
In before the bunny with a pancake picture shows up.
Or maybe more to the point they found a subclass of P = NP?
In this theory, the class P consists of all those decision problems (defined below) that can be solved on a deterministic sequential machine in an amount of time that is polynomial in the size of the input; the class NP consists of all those decision problems whose positive solutions can be verified in polynomial time given the right information, or equivalently, whose solution can be found in polynomial time on a non-deterministic machine.[6] Arguably the biggest open question in theoretical computer science concerns the relationship between those two classes:
Is P equal to NP?
In a 2002 poll of 100 researchers 61 believed the answer to be no, 9 believed the answer is yes, and 22 were unsure; 8 believed the question may be independent of the currently accepted axioms and so impossible to prove or disprove.[7]
Sounds like you need to have physical possession of the computer to do this.
A non-birthcertificate-device is reportedly here to change all that.
If you have no physical security, you have no security.
Period.
?????????????????????
Security consists of many components, all of which are important. Most security losses are due to internal sources which are approved thru the physical controls
.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.