Fault-Based Attack of RSA Authentication
Eugen Leitl
eugen at leitl.org
Fri Mar 5 07:55:11 EST 2010
From: basile <basile at opensource.dyc.edu>
Date: Thu, 04 Mar 2010 19:20:36 -0500
To: or-talk at freehaven.net
Subject: Fault-Based Attack of RSA Authentication
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
Reply-To: or-talk at freehaven.net
Hi everyone,
I thought this might be of interest to the list. Pellegrini, Bertacco
and Austin at U of Michigan have found an interesting way to deduce the
secret key by fluctuating a device's power supply. Its a minimal threat
against servers, but against hand held devices its more practical. The
openssl people say there's an easy fix by salting.
Here's some referneces:
http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/
http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
--
Anthony G. Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
USA
(716) 829-8197
----------
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list