Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Using Acoustic Cryptanalysis, Some guys were able to crack 4096bit RSA key in just one hour!
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Using Acoustic Cryptanalysis, Some guys were able to crack 4096bit RSA key in just one hour!

ironhideironhide Member
in General

And that is just by using a mobile phone!!! :P

http://www.cs.tau.ac.il/~tromer/acoustic/

Damn!

Thanked by 2taronyu tchen

Comments

  • vedranvedran Veteran

    Q5: What are some examples of attack scenarios?

    Send your server to a colocation facility, with a good microphone inside the box, and then acoustically extract keys from all nearby servers.

    Oh crap

    Thanked by 1Mark_R
  • tchentchen Member

    Patched in Debian at least
    http://www.debian.org/security/2013/dsa-2821

  • rds100rds100 Member

    What worries me is that they are now making this public. Imagine what other new ways they know, to decide that this info is no longer secret and can be released to the public.

  • tchentchen Member

    @rds100 said:
    What worries me is that they are now making this public. Imagine what other new ways they know, to decide that this info is no longer secret and can be released to the public.

    http://en.wikipedia.org/wiki/Side_channel_attack

    There's quite a few ways :)

  • MagiobiwanMagiobiwan Member

    @vedran said:
    Oh crap

    It would need to be a pretty good microphone though, given servers tend to have noisy fans, hard drives, etc. in them.

  • exussumexussum Member

    @Magiobiwan said:

    It would need to be a pretty good microphone though, given servers tend to have noisy fans, hard drives, etc. in them.

    Thats similar to saying you cant differentiate music and the wind.

    They all work in differnt ranges and are easy to tell apart. The background load on the CPU is more of a factor the the fan noise

  • pcanpcan Member
    edited December 2013

    This is why NATO military equipment is compliant to TEMPEST directives: see wikipedia for a relevant list of the actual MIL specs. Acoustic cryptanalysis is a very old story. The only newsworty part is the application to this specific domain.

    Servers are enclosed in a metal enclousure. This is a far cry from the NATO tempest specifications, but is effective against this attack. Notice that the paper authors extracted the key from a (plastic) laptop.

    Thanked by 1tchen
  • ErawanArifNugrohoErawanArifNugroho Member

    This news, comes in the The Hacker news a few weeks ago.

  • GoodHostingGoodHosting Member

    Just another reiteration of the "I got your password from listening to your keys" meme seen in a lot of spy movies, heh.

  • MagiobiwanMagiobiwan Member

    BRB writing GUI in Visual Basic to track down an IP and give me a location. Also to enhance an insanely blurry surveillance video frame into a crystal clear license plate.

  • dccdcc Member, Host Rep

    Nothing beats good old thermorectal cryptanalysis. Very low tech, but cracks any encryption method known to mankind. Even one-way hashing algorithms become reversible with this method.

  • ironhideironhide Member

    dcc said: Nothing beats good old thermorectal cryptanalysis. Very low tech, but cracks any encryption method known to mankind. Even one-way hashing algorithms become reversible with this method.

    ROFLMAO!

  • dccdcc Member, Host Rep

    Yeah, and the best part... Even a kid can do it with a $20 soldering iron (no soldering skills required!)

Sign In or Register to comment.