On 08/22/2018 05:09 PM, Rob Schramm wrote: > While the keys that are processed in the Crypto Express cards should be > safe.. I am less sure about anything else. > > https://www.bleepingcomputer.com/news/security/new-attack-recovers-rsa-encryption-keys-from-em-waves-within-seconds/ > > Rob Schramm
It actually sounds like a fairly restrictive attack. Requires close physical proximity (lack of physical security), but more importantly the speed of decryption is apparently dependent on knowledge of the specific code used by the OpenSSL Project (since a code mitigation was suggested to OpenSSL) and the knowledge that the emanated EM signals from the device occur "during a single decryption operation". How on earth does an EM observer know a time interval that a single decryption is occurring on the device unless they already have near total control over the device? JC Ewing -- Joel C. Ewing, Bentonville, AR [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
