-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 basile wrote: > I thought this might be of interest to the list. Pellegrini, Bertacco > and Austin at U of Michigan have found an interesting way to deduce the > secret key by fluctuating a device's power supply. Its a minimal threat > against servers, but against hand held devices its more practical. The > openssl people say there's an easy fix by salting. Looks like against hand devices has already been done ;-) I submitted your links to my friend Barenghi of Politecnico di Milano who is researching in this field: last year they ran this kind of attack against a SPEAr Head200 development board, equipped with an ARM926EJ-S running on Linux 2.6.15. Results on RSA attacks are published here: http://home.dei.polimi.it/barenghi/files/FDTC2009.pdf While he was at it, he also added that they'll publish soon newer attacks against AES 128, 192 and 256, quite impressing stuff! Which has just been pubblished as a technical report at: http://eprint.iacr.org/2010/130
ciao! - -- Marco Bonetti Tor research and other stuff: http://sid77.slackware.it/ Slackintosh Linux Project Developer: http://workaround.ch/ Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/ My GnuPG key id: 0x0B60BC5F -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuVBWUACgkQTYvJ9gtgvF98WQCeK5QfduAnAyG2BGljAr9hj0nC wOgAoN+Dj5/yZy/3H7+/fLWa3pPhhfpm =syNY -----END PGP SIGNATURE----- *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
