On Wednesday (09/18/2019 at 09:19AM -0700), Guy Sotomayor Jr via cctalk wrote: > > > > On Sep 18, 2019, at 12:42 AM, Liam Proven via cctalk > > <cctalk@classiccmp.org> wrote: > > > > On Wed, 18 Sep 2019 at 02:19, Paul Koning via cctalk > > <cctalk@classiccmp.org> wrote: > >>> ... > >> Speaking of timing, that reminds me of two amazing security holes written > >> up in the past few years. Nothing to do with the Spectre etc. issue. > >> > >> One is the recovery of speech from an encrypted VoIP channel such as > >> Skype, by looking at the sizes of the encrypted data blocks. (Look for a > >> paper named "Hookt on fon-iks" by White et al.) The fix for this is > >> message padding. > >> > >> The other is the recovery of the RSA private key in a smartphone by > >> listening to the sound it makes while decrypting. The fix for this is > >> timing tweaks in the decryption inner loop. (Look for a paper by, among > >> others, Adi Shamir, the S in RSA and one of the world's top > >> cryptographers.) > >> > >> It's pretty amazing what ways people find to break into security > >> mechanisms. > > > > ... Wow. > > > > *Wow.* > > > > Thanks for those! > > In the deep dark days of yore, I recall an actual demonstration of being able > to read/replicate the contents of the screen (CRT) of a PC by looking at the > AC (e.g. mains) that the PC was plugged into. Admittedly it was relatively > low fidelity, but yikes!
https://en.wikipedia.org/wiki/Van_Eck_phreaking -- Chris Elmquist
