Developing for the translation industry



 Wednesday, 10 March 2010

First off: no, it’s not a joke! April 1st is in three weeks.

Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe. Only the most brutish of brute force efforts (and 1,500 years of processing time) could manage to bypass its 768-bit variety.

Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the key. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a very close eye on your server room's power supply.
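A common defence against this class of fault attack is for the signer to check every signature with its own public key before releasing it, so a result corrupted by a hardware error never leaves the server. The sketch below is an added example, not code from this post, the paper or OpenSSL; the toy key, the function names and the `fault_bit` hook that simulates a single flipped bit are assumptions made for illustration.

```python
import hashlib

# Constructed toy key: two Mersenne primes. Far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


class FaultDetected(Exception):
    """Raised when a freshly computed signature fails self-verification."""


def digest(msg: bytes) -> int:
    # Textbook hash-then-sign without padding, to keep the example short.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def raw_sign(msg: bytes, fault_bit=None) -> int:
    """Private-key operation. fault_bit (hypothetical test hook) flips one
    bit of the result to stand in for a voltage-induced hardware error."""
    sig = pow(digest(msg), D, N)
    if fault_bit is not None:
        sig ^= 1 << fault_bit
    return sig


def verify(msg: bytes, sig: int) -> bool:
    # Range check first, so an out-of-range faulty value is rejected too.
    return 0 <= sig < N and pow(sig, E, N) == digest(msg)


def safe_sign(msg: bytes, fault_bit=None) -> int:
    """Release a signature only if it verifies under the public key."""
    sig = raw_sign(msg, fault_bit)
    if not verify(msg, sig):
        raise FaultDetected("signature failed self-check; not released")
    return sig


if __name__ == "__main__":
    msg = b"constructed sample message"
    print("clean signature released:", hex(safe_sign(msg)))
    try:
        safe_sign(msg, fault_bit=7)
    except FaultDetected as exc:
        print("faulty signature withheld:", exc)
```

The self-check costs one extra public-key exponentiation per signature, which is cheap when the public exponent is small.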

From the article on Techworld:

RSA authentication is susceptible, they say, to changes in the voltage supply to a private key holder. The researchers – Andrea Pellegrini, Valeria Bertacco and Todd Austin – outline their findings in a paper titled “Fault-based attack of RSA authentication” to be presented 10 March at the Design, Automation and Test in Europe conference.

Quite scary…

 


Wednesday, 10 March 2010 09:32:52 (Eastern Standard Time, UTC-05:00)
News | Security
© Copyright 2017
Stanislas Biron