Fault-Based Attack of RSA Authentication
basile
basile at opensource.dyc.edu
Fri Mar 5 00:20:36 UTC 2010
Hi everyone,
I thought this might be of interest to the list. Pellegrini, Bertacco
and Austin at U of Michigan have found an interesting way to deduce the
secret key by fluctuating a device's power supply. Its a minimal threat
against servers, but against hand held devices its more practical. The
openssl people say there's an easy fix by salting.
Here's some referneces:
http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/
http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
--
Anthony G. Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
USA
(716) 829-8197
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20100304/7a4d2732/attachment.pgp>
More information about the tor-talk
mailing list