> On Sep 18, 2019, at 9:59 AM, Chris Elmquist <chr...@pobox.com> wrote:
> 
> On Wednesday (09/18/2019 at 09:19AM -0700), Guy Sotomayor Jr via cctalk wrote:
>> 
>> 
>>> On Sep 18, 2019, at 12:42 AM, Liam Proven via cctalk 
>>> <cctalk@classiccmp.org> wrote:
>>> 
>>> On Wed, 18 Sep 2019 at 02:19, Paul Koning via cctalk
>>> <cctalk@classiccmp.org> wrote:
>>>>> ...
>>>> Speaking of timing, that reminds me of two amazing security holes written 
>>>> up in the past few years.  Nothing to do with the Spectre etc. issue.
>>>> 
>>>> One is the recovery of speech from an encrypted VoIP channel such as 
>>>> Skype, by looking at the sizes of the encrypted data blocks.  (Look for a 
>>>> paper named "Hookt on fon-iks" by White et al.)  The fix for this is 
>>>> message padding.
>>>> 
>>>> The other is the recovery of the RSA private key in a smartphone by 
>>>> listening to the sound it makes while decrypting.  The fix for this is 
>>>> timing tweaks in the decryption inner loop.  (Look for a paper by, among 
>>>> others, Adi Shamir, the S in RSA and one of the world's top 
>>>> cryptographers.)
>>>> 
>>>> It's pretty amazing what ways people find to break into security 
>>>> mechanisms.
>>> 
>>> ... Wow.
>>> 
>>> *Wow.*
>>> 
>>> Thanks for those!
>> 
>> In the deep dark days of yore, I recall an actual demonstration of being 
>> able to read/replicate the contents of the screen (CRT) of a PC by looking 
>> at the AC (e.g. mains) that the PC was plugged into.  Admittedly it was 
>> relatively low fidelity, but yikes!
> 
> https://en.wikipedia.org/wiki/Van_Eck_phreaking

Cool!

Yeah, I had to make a trip to a “secure facility” once and there were entire 
“tempest” rooms with conditioned power and no external communications 
equipment.  The room itself (think *large*) was a faraday cage with a vault 
door that was kept closed whenever there was sensitive stuff going on.  Since 
I didn’t have a security clearance, the door was open and everywhere I went 
there were red lights in the rooms/halls that I was in that would be on to 
indicate that no sensitive information should be discussed (makes you feel 
really wanted).  ;-)

TTFN - Guy
