RamBleed "we used RAMBleed to leak a 2048 bit RSA key"
"As an example, in our paper we demonstrate an attack against OpenSSH in which we use RAMBleed to leak a 2048 bit RSA key. However, RAMBleed can be used for reading other data as well. "
Comments
The end is nigh
Frankly, I'm not worried. Multiple reasons. For one, such work is almost always done in lab conditions, which usually are very different from the wild out there. Another point to note is that in this case (which certainly wasn't chosen at random) the algorithm played a major role and helped a lot; note that a 2048 bit key ~ 256 bytes, which due to its size and the size of L1 caches risks being re-read from memory. With a (significantly smaller) ECC algorithm the whole story is quite different. Another culprit is the fact that keys (of any kind) are in "clear" in the RAM in the first place. That is a protocol and implementation problem that could be mitigated.
So I do not expect any significant real world problems due to Rambleed anytime soon and, if they came up, they could be mitigated.
If one really wants to be worried then there is a whole lot of other problems, beginning with serious processor vulnerabilities and not ending with poor design and implementation of major security software (libraries, TLS, etc.).
But: nice research.
Everyone DO THIS, NOW!!!
Users can mitigate their risk by upgrading their memory to DDR4 with targeted row refresh (TRR) enabled. While Rowhammer-induced bit flips have been demonstrated on TRR, it is harder to accomplish in practice.
Yes, but I can't upgrade my board, it's DDR3.
This basically means new computers for all...
Even more so for embedded devices.
Meh, fuck it, safe enough.
That's ridiculous advice.
Of course, you just buy DDR4 and put it into DDR2 machines, will work like magic.
You mean "it will be magic if it works" :-D
The important thing is to keep the power on, so it sparks.
Makes it feel more like magic.
They call it magic blue smoke for a reason.
Yeah right, panic is the perfect solution.
Btw, in case my wording above was too complicated: There are plenty far more real world dangers out there.
I hope that nobody thinks I was suggesting they follow the Rambleed advice. I'll have to start using a sarcasm tag?
At the moment I'm using an old AMD DDR3 machine that's working fine, and no plans to change the mb/memory/cpu due to this new "threat."
RSA 512 was compromised some time ago. I know this is a side channel and can be avoided, but will the day come when RSA 2048 can be broken with brute force...
The attack will probably not be usable in the real world. There's usually too much noise on hypervisors, making any attempt at reading the memory of other guests useless.
no one wants to read my porn anyways