Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Researchers find way to zap RSA algorithm

alphadogg (971356) writes | more than 4 years ago

Security 2

alphadogg (971356) writes "Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and e-commerce servers. RSA authentication is susceptible, they say, to changes in the voltage supply to a private key holder.While guessing the 1,000-plus digits of binary code in a private key would take unfathomable hours, the researchers say that by varying electric current to a secured computer using an inexpensive purpose-built device they were able to stress out the computer and figure out the 1,024-bit private key in about 100 hours – all without leaving a trace.

The researchers in their paper [spam URL stripped] outline how they made the attack on a SPARC system running Linux."

Link to Original Source

cancel ×

2 comments

Sorry! There are no comments related to the filter you selected.

I wouldn't worry about this (1)

Chris Rhodes (1059906) | more than 4 years ago | (#31361388)

If you're running a network server. It might be a novel way to break RSA based hardware encryption on a device you have physical access to. And that you want to spend this amount of time messing with. It is a value proposition for breaking into stolen devices. But if you have a cage and conditioned power supply, this is non-news. The PDF does state that devices like blueray are susceptible because of easy physical access. But it talks about SSL servers being susceptible. If you have physical access to a running SSL server box, I think this method is a bit of overkill.

Physical Traces (1)

Chris Rhodes (1059906) | more than 4 years ago | (#31361532)

Considering how much trouble you'd have to go through to bypass voltage regulation, which is designed to remove this kind of noise, I think you would leave traces. Most of the article is pure crap. But it is still interesting.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?