Anyone know more?

http://news.techworld.com/security/3214360/rsa-1024-bit-private-key-encryption-cracked/

RSA 1024-bit private key encryption cracked
Researchers find weakness in security system

By Network World Staff | Network World US
Published: 13:26 GMT, 05 March 10

Three University of Michigan computer scientists say they have found a
way to exploit a weakness in RSA security technology used to protect
everything from media players to smartphones and ecommerce servers.

RSA authentication is susceptible, they say, to changes in the voltage
supply to a private key holder. The researchers – Andrea Pellegrini,
Valeria Bertacco and Todd Austin – outline their findings in a paper
titled “Fault-based attack of RSA authentication” to be presented 10
March at the Design, Automation and Test in Europe conference.

"The RSA algorithm gives security under the assumption that as long as
the private key is private, you can't break in unless you guess it.
We've shown that that's not true," said Valeria Bertacco, an associate
professor in the Department of Electrical Engineering and Computer
Science, in a statement.

The RSA algorithm was introduced in a 1978 paper outlining the
public-key cryptosystem. The annual RSA security conference is being
held this week in San Francisco.

While guessing the 1,000-plus digits of binary code in a private key
would take unfathomable hours, the researchers say that by varying
electric current to a secured computer using an inexpensive
purpose-built device they were able to stress out the computer and
figure out the 1,024-bit private key in about 100 hours – all without
leaving a trace.

The researchers in their paper outline how they made the attack on a
SPARC system running Linux. They also say they have come up with a
solution, which involves a cryptographic technique called salting that
involves randomly juggling a private key's digits.

The research is funded by the National Science Foundation and the
Gigascale Systems Research Center.

-- 
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
