From: basile <bas...@opensource.dyc.edu> Date: Thu, 04 Mar 2010 19:20:36 -0500 To: or-t...@freehaven.net Subject: Fault-Based Attack of RSA Authentication User-Agent: Thunderbird 2.0.0.23 (X11/20090817) Reply-To: or-t...@freehaven.net
Hi everyone, I thought this might be of interest to the list. Pellegrini, Bertacco and Austin at U of Michigan have found an interesting way to deduce the secret key by fluctuating a device's power supply. Its a minimal threat against servers, but against hand held devices its more practical. The openssl people say there's an easy fix by salting. Here's some referneces: http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/ http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf -- Anthony G. Basile, Ph.D. Chair of Information Technology D'Youville College Buffalo, NY 14201 USA (716) 829-8197 ---------- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com