[145152] in cryptography@c2.net mail archive
Re: 1024 bit RSA cracked?
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Tue Mar 16 13:47:34 2010
Date: Tue, 16 Mar 2010 11:45:08 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Udhay Shankar N <udhay@pobox.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <4B97C152.2050705@pobox.com>
On Wed, Mar 10, 2010 at 09:27:06PM +0530, Udhay Shankar N wrote:
> Anyone know more?
>
> http://news.techworld.com/security/3214360/rsa-1024-bit-private-key-encryption-cracked/
My initial reaction from reading only the abstract and parts of the
introduction is that the authors are talking about attacking hardware
that implements RSA (say, a cell phone) by injecting faults into the
system via the power supply of the device.
This isn't really applicable to server hardware in a data center (where
the power, presumably, will be conditioned and physical security will be
provided, also presumably) but this attack is definitely applicable to
portable devices -- laptops, mobiles, smartcards.
> "The RSA algorithm gives security under the assumption that as long as
> the private key is private, you can't break in unless you guess it.
> We've shown that that's not true," said Valeria Bertacco, an associate
> professor in the Department of Electrical Engineering and Computer
> Science, in a statement.
They're not the first ones to show that! Side-channel attacks have been
around for a while now. It's not just the algorithms, but the machine
executing them and its physical characteristics that matter.
Nico
--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
