[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Fault-Based Attack of RSA Authentication

To: or-talk@xxxxxxxxxxxxx
Subject: Fault-Based Attack of RSA Authentication
From: basile <basile@xxxxxxxxxxxxxxxxxx>
Date: Thu, 04 Mar 2010 19:20:36 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 04 Mar 2010 19:25:54 -0500
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

Hi everyone,

I thought this might be of interest to the list.   Pellegrini, Bertacco
and Austin at U of Michigan have found an interesting way to deduce the
secret key by fluctuating a device's power supply.  Its a minimal threat
against servers, but against hand held devices its more practical.  The
openssl people say there's an easy fix by salting.

Here's some referneces:

http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/

http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf


-- 

Anthony G. Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
USA

(716) 829-8197

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: Fault-Based Attack of RSA Authentication
  - From: Marco Bonetti

Prev by Author: Fasttrack for Tor ?
Next by Author: Tor-ramdisk 20100309 has been released
Previous by thread: Startup script (OSX) broken
Next by thread: Re: Fault-Based Attack of RSA Authentication
Index(es):
- Author
- Thread