Engadget - Comments for

Engadget - Comments for http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/ Engadget Comments for http://www.engadget.com/media/feedlogo.gif Engadget http://www.engadget.com en-us Copyright 2012 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/
Its that simple.]]>Mar 9th 2010 2:54AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/
That's why some people only buy Alienware™. ]]>Mar 9th 2010 3:06AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 6:21AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/I don't get it, doesn't this mean they need access to the private key in the first place? This requires tampering with the CPU that is encrypting my message with my private key. If you have that access, just take my private key already... If I'm sending an encrypted message over the internet, nobody can fluctuate my computers' power supply before it's already encrypted and shot off to the interwebs.

I guess a well implemented virus can do such a thing, but then again, if there's a virus that can 'carefully starve my CPU', it can probably access pretty much anything on my computer anyway.]]>Mar 9th 2010 6:46AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/
They used P4s to get the key from a SPARC]]>Mar 9th 2010 9:41AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/I hate these kind of posts that induce completely unfounded and unrealistic paranoia. First of all this is specific to an implementation, THEIR implementation that relies on meticulously placed data in memory and what not. Anything can be setup to fail like this. You do not have access to the server in any real world application. This is not a reason to be even slightly concerned.

It's like being concerned that a midget could be hiding inside your safe and will open it when a burglar comes by.]]>Mar 9th 2010 11:18AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/
Theirs a midget in my safe? why din't anyone tell me this sooner??? I have to get home!]]>Mar 9th 2010 3:14PM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/However, I think the beauty is in the process, and how they did it...

]]>Mar 9th 2010 9:03PM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele//. reported this ages ago.]]>Mar 9th 2010 2:55AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 10:37AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 2:57AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 2:58AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 3:42AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/A year ago Cisco had to recall a bunch of their switches/routers that had been manufactured in China and delivered to US agencies because the Chinese had manufactured weaknesses into them in order to aid their hackers.

Where are your power supplies made? Is anything out of the question in this day and age? ]]>Mar 9th 2010 4:29AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/link please I would love to read that store.]]>Mar 9th 2010 5:04AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/
Indeed! That is one helluva clever approach.

I thought I might add though that they don't need access to your server room. If you think about it one carefully placed router tweaked internally would suffice ]]>Mar 9th 2010 5:25AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 5:46AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/They did not crack anything. If your server is compromised, you can just transfer the private key via 100s of methods. Including just reading it off the HDD since you have so much access to adjust the CPU voltage.]]>Mar 9th 2010 11:22AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/It's not really that hard to imagine a scenario where sensitive items fall into the wrong (or right) hands.

Think of all the times that a laptop with sensitive data has been lost or stolen. Or in a war zone where a officers with toughbooks full of troop movements or deployment info being ambushed or simply having their laptop stolen.

There's also the NSA law enforcement line. Any equipment seized in a raid can be cracked. Very helpful in prosecuting people breaking the law who are smart enough to encrypt their data. This crack could lead to busting of child pornography rings.]]>Mar 9th 2010 11:25AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 3:01AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/I already know the password. This is just for fun. *CLUB*]]>Mar 9th 2010 11:23AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/
Brute force FTW!]]>Mar 9th 2010 12:08PM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 3:02AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 3:10AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 3:17AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 3:21AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 3:21AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/
Breaks like these are presented all the time. There was even one about Rijndael that could be broken, though it was a few rounds less than what AES-128 required.

Me thinks even the US government would welcome such research as it is better to be discovered now by a good guy instead of being instantly exploited by a bad guy.]]>Mar 9th 2010 4:04AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 4:16AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 8:16AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 3:26AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 4:33AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 5:20AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 10:05AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/
Also, would that work on a server running in a VM?

It's amazing they did that (talk about precision when you need to generate one error per clock cycle), but it's not a real threat.]]>Mar 9th 2010 3:35AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 4:31AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 3:50AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/How to stop themselves from hacking...]]>Mar 9th 2010 4:22AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/your mom?]]>Mar 9th 2010 5:15AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 4:30AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 5:13AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/I meant if they have that level of physical access already you have a problem since adjusting power to the server would require access to the servers actual power supply if not motherboard not simply the mains feeding it - any blips you caused in the mains would be smoothed out by the PSU or the server would just shut off.]]>Mar 9th 2010 5:22AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/
"RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) is an algorithm for public-key cryptography[1]. It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography."

How can an algorithm fix itself?]]>Mar 9th 2010 7:41AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://en.wikipedia.org/wiki/RSA_Security

... but this kind of implementation flaw is unfixable in the algorithm. Not to worry, though - it's always been up to sysadmins to provide physical & control-level security for their computers.]]>Mar 9th 2010 10:10AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 7:57AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 10:12AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 9:29AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 10:28AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 11:23AM<![CDATA[Comments on ]]>http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/Mar 9th 2010 4:41PM