Author

Topic: Scientist-devised crypto attack (Read 1360 times)

legendary
Activity: 1386
Merit: 1053
Please do not PM me loan requests!
March 09, 2014, 09:28:39 PM
#13
 It has to be efficient, they're SCIENTISTS! Roll Eyes
sr. member
Activity: 434
Merit: 250
March 09, 2014, 08:36:47 PM
#12
Isn't it really just a flaw with Intel chips, rather than OpenSSL?
member
Activity: 112
Merit: 10
March 09, 2014, 07:43:30 PM
#11
Is it theoretically possible to protect algorithms from side channel attacks by obfuscating their inner workings and fudging whatever signals they radiate?

Most likely a future update to OpenSSL
newbie
Activity: 30
Merit: 0
March 09, 2014, 07:09:36 PM
#10
Is it theoretically possible to protect algorithms from side channel attacks by obfuscating their inner workings and fudging whatever signals they radiate?
legendary
Activity: 1512
Merit: 1049
Death to enemies!
March 09, 2014, 06:56:01 PM
#9
So is this legit ?
Yes, but once an attacker has that level of access to your hardware all bets are off and for most people, bitcoin loss would be the least of their worries. Of course, big bitcoin holders might be targeted more, but really once an attacker is this close there are any number of other attacks that would be more practical.

So your saying he would have to be in the same room ?
Even closer. He wold have to run code on the same CPU.
So your saying he would have to be in the same room ?

The risk is that if a private key to one or more addresses is reused on a shared machine, such as in cloud computing, it is possible to determine the private key.  The researchers were able to determine the private key after 200 signings.

I would think that using disposable addresses where a private key is used to sign a transaction only once, should minimize or eliminate the risk.

Never ever use shared computer or cloud computing for anything. 95% of attack vectors closed.
full member
Activity: 156
Merit: 100
March 09, 2014, 06:45:26 PM
#8
Just have to assume anything is possible these days.
hero member
Activity: 742
Merit: 500
March 09, 2014, 11:51:48 AM
#7

The risk is that if a private key to one or more addresses is reused on a shared machine, such as in cloud computing, it is possible to determine the private key.  The researchers were able to determine the private key after 200 signings.


Assuming, of course, that all the electro-magnetic signal of sufficient machines in the cloud are under permanent laboratory observation with instruments carefully specified for each individual machine construction until the investigators manage to detect, attribute to the correct public key hash, and do all the necessary measurements on the 200 signings.  


I'll also note that, from the article, this is an OpenSSL (presumably temporary) weakness. Not Bitcoin's.
 
member
Activity: 112
Merit: 10
March 09, 2014, 10:30:58 AM
#6
So your saying he would have to be in the same room ?

The risk is that if a private key to one or more addresses is reused on a shared machine, such as in cloud computing, it is possible to determine the private key.  The researchers were able to determine the private key after 200 signings.

I would think that using disposable addresses where a private key is used to sign a transaction only once, should minimize or eliminate the risk.
hero member
Activity: 826
Merit: 500
Crypto Somnium
March 09, 2014, 03:28:45 AM
#5
So is this legit ?
Yes, but once an attacker has that level of access to your hardware all bets are off and for most people, bitcoin loss would be the least of their worries. Of course, big bitcoin holders might be targeted more, but really once an attacker is this close there are any number of other attacks that would be more practical.

So your saying he would have to be in the same room ?
full member
Activity: 154
Merit: 100
March 06, 2014, 08:16:55 PM
#4
So is this legit ?
Yes, but once an attacker has that level of access to your hardware all bets are off and for most people, bitcoin loss would be the least of their worries. Of course, big bitcoin holders might be targeted more, but really once an attacker is this close there are any number of other attacks that would be more practical.
hero member
Activity: 826
Merit: 500
Crypto Somnium
March 06, 2014, 08:13:49 PM
#3
So is this legit ?
sr. member
Activity: 338
Merit: 253
March 06, 2014, 12:11:53 PM
#2
LOL side channel.

Yeah, I am cracking your computer by measuring the temperature fluctuations outside your house.
Jump to: