Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

1024-bit RSA encryption cracked by carefully starving CPU of electricity
Engadget ^ | 3/9/10 | Sean Hollister

Posted on 03/09/2010 7:05:31 AM PST by dangerdoc

Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your server room's power supply.


TOPICS: Computers/Internet
KEYWORDS:
Navigation: use the links below to view more comments.
first 1-2021-4041-6061-64 next last
Interesting article.
1 posted on 03/09/2010 7:05:31 AM PST by dangerdoc
[ Post Reply | Private Reply | View Replies]

To: ShadowAce

!


2 posted on 03/09/2010 7:06:34 AM PST by stainlessbanner
[ Post Reply | Private Reply | To 1 | View Replies]

To: dangerdoc

bttt


3 posted on 03/09/2010 7:08:02 AM PST by rdl6989 (January 20, 2013- The end of an error.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dangerdoc

4 posted on 03/09/2010 7:10:45 AM PST by JoeProBono (A closed mouth gathers no feet)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dangerdoc
Increase the PHYSICAL security of the DataCenter

5 posted on 03/09/2010 7:11:12 AM PST by Uri’el-2012 (Psalm 119:174 I long for Your salvation, YHvH, Your law is my delight.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dangerdoc

Of course this requires physical access, but still...


6 posted on 03/09/2010 7:11:34 AM PST by Pessimist (u)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dangerdoc

I didn’t know pedophile news was pushed here


7 posted on 03/09/2010 7:12:12 AM PST by downwdims (It does not take a majority to prevail... but rather an irate, tireless minority)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dangerdoc; rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

8 posted on 03/09/2010 7:13:00 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: downwdims
I didn’t know pedophile news was pushed here

Huh?!?!?

9 posted on 03/09/2010 7:14:56 AM PST by Yossarian
[ Post Reply | Private Reply | To 7 | View Replies]

To: UriÂ’el-2012

“Increase the PHYSICAL security of the DataCenter”

yes.... and no.
You’d also need to unplug from the outside world to prevent encrypted files being copied and cracked offsite. Unplugging from the outside world kind of defeats the purpose of having a datacenter in the first place.


10 posted on 03/09/2010 7:15:13 AM PST by AussieJoe
[ Post Reply | Private Reply | To 5 | View Replies]

To: UriÂ’el-2012

Believe me, physical security is patchwork for our world’s datacenters. As a DC engineer, I can personally attest to the need for physical security in a DC.


11 posted on 03/09/2010 7:15:46 AM PST by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: ShadowAce

I wonder if they have basically invented a non-deterministic Finite State Machine?

http://en.wikipedia.org/wiki/Nondeterministic_finite_state_machine

http://en.wikipedia.org/wiki/Deterministic_finite-state_machine


12 posted on 03/09/2010 7:17:06 AM PST by 2 Kool 2 Be 4-Gotten
[ Post Reply | Private Reply | To 8 | View Replies]

To: downwdims
I didn’t know pedophile news was pushed here

WTF?

In before the bunny with a pancake picture shows up.

13 posted on 03/09/2010 7:17:25 AM PST by KarlInOhio (New Olympic tagline Shut up, Bob Costas. Shut up! Shut up! Shut up! Shut up! Shut up! Shut up!)
[ Post Reply | Private Reply | To 7 | View Replies]

To: dangerdoc
and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your server room's power supply.


14 posted on 03/09/2010 7:17:48 AM PST by Yo-Yo (Is the /sarc tag really necessary?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: 2 Kool 2 Be 4-Gotten

Or maybe more to the point they found a subclass of P = NP?

In this theory, the class P consists of all those decision problems (defined below) that can be solved on a deterministic sequential machine in an amount of time that is polynomial in the size of the input; the class NP consists of all those decision problems whose positive solutions can be verified in polynomial time given the right information, or equivalently, whose solution can be found in polynomial time on a non-deterministic machine.[6] Arguably the biggest open question in theoretical computer science concerns the relationship between those two classes:

Is P equal to NP?

In a 2002 poll of 100 researchers 61 believed the answer to be no, 9 believed the answer is yes, and 22 were unsure; 8 believed the question may be independent of the currently accepted axioms and so impossible to prove or disprove.[7]


15 posted on 03/09/2010 7:18:59 AM PST by 2 Kool 2 Be 4-Gotten
[ Post Reply | Private Reply | To 12 | View Replies]

To: dangerdoc

Sounds like you need to have physical possession of the computer to do this.


16 posted on 03/09/2010 7:21:20 AM PST by philetus (Keep doing what you always do and you'll keep getting what you always get.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rarestia
"As a DC engineer, I can personally attest to the need for physical security in a DC."

A “non-birthcertificate”-device is reportedly here to change all that.

17 posted on 03/09/2010 7:21:28 AM PST by Diogenesis ("Resistance to tyrants is obedience to God." --Thomas Jefferson)
[ Post Reply | Private Reply | To 11 | View Replies]

To: dangerdoc

If you have no physical security, you have no security.

Period.


18 posted on 03/09/2010 7:31:33 AM PST by Ro_Thunder ("Other than ending SLAVERY, FASCISM, NAZISM and COMMUNISM, war has never solved anything")
[ Post Reply | Private Reply | To 1 | View Replies]

To: downwdims

?????????????????????


19 posted on 03/09/2010 7:32:23 AM PST by dangerdoc
[ Post Reply | Private Reply | To 7 | View Replies]

To: Ro_Thunder

Security consists of many components, all of which are important. Most security losses are due to internal sources which are approved thru the physical controls
.


20 posted on 03/09/2010 7:37:17 AM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 18 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-6061-64 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson