> On Sep 18, 2019, at 12:42 AM, Liam Proven via cctalk <cctalk@classiccmp.org>
> wrote:
>
> On Wed, 18 Sep 2019 at 02:19, Paul Koning via cctalk
> <cctalk@classiccmp.org> wrote:
>>> ...
>> Speaking of timing, that reminds me of two amazing security holes written up
>> in the past few years. Nothing to do with the Spectre etc. issue.
>>
>> One is the recovery of speech from an encrypted VoIP channel such as Skype,
>> by looking at the sizes of the encrypted data blocks. (Look for a paper
>> named "Hookt on fon-iks" by White et al.) The fix for this is message
>> padding.
>>
>> The other is the recovery of the RSA private key in a smartphone by
>> listening to the sound it makes while decrypting. The fix for this is
>> timing tweaks in the decryption inner loop. (Look for a paper by, among
>> others, Adi Shamir, the S in RSA and one of the world's top cryptographers.)
>>
>> It's pretty amazing what ways people find to break into security mechanisms.
>
> ... Wow.
>
> *Wow.*
>
> Thanks for those!
In the deep dark days of yore, I recall an actual demonstration of being able
to read/replicate the contents of the screen (CRT) of a PC by looking at the AC
(e.g. mains) that the PC was plugged into. Admittedly it was relatively low
fidelity, but yikes!
TTFN - Guy
