|
Title: Scientist-devised crypto attack Post by: Liquid on March 06, 2014, 04:05:13 PM http://arstechnica.com/security/2014/03/scientist-devised-crypto-attack-could-one-day-steal-secret-bitcoin-keys/
http://eprint.iacr.org/2014/161.pdf Title: Re: Scientist-devised crypto attack Post by: Blinken on March 06, 2014, 05:11:53 PM LOL side channel.
Yeah, I am cracking your computer by measuring the temperature fluctuations outside your house. Title: Re: Scientist-devised crypto attack Post by: Liquid on March 07, 2014, 01:13:49 AM So is this legit ?
Title: Re: Scientist-devised crypto attack Post by: grifferz on March 07, 2014, 01:16:55 AM So is this legit ? Yes, but once an attacker has that level of access to your hardware all bets are off and for most people, bitcoin loss would be the least of their worries. Of course, big bitcoin holders might be targeted more, but really once an attacker is this close there are any number of other attacks that would be more practical.Title: Re: Scientist-devised crypto attack Post by: Liquid on March 09, 2014, 08:28:45 AM So is this legit ? Yes, but once an attacker has that level of access to your hardware all bets are off and for most people, bitcoin loss would be the least of their worries. Of course, big bitcoin holders might be targeted more, but really once an attacker is this close there are any number of other attacks that would be more practical.So your saying he would have to be in the same room ? Title: Re: Scientist-devised crypto attack Post by: amspir on March 09, 2014, 03:30:58 PM So your saying he would have to be in the same room ? The risk is that if a private key to one or more addresses is reused on a shared machine, such as in cloud computing, it is possible to determine the private key. The researchers were able to determine the private key after 200 signings. I would think that using disposable addresses where a private key is used to sign a transaction only once, should minimize or eliminate the risk. Title: Re: Scientist-devised crypto attack Post by: FeedbackLoop on March 09, 2014, 04:51:48 PM The risk is that if a private key to one or more addresses is reused on a shared machine, such as in cloud computing, it is possible to determine the private key. The researchers were able to determine the private key after 200 signings. Assuming, of course, that all the electro-magnetic signal of sufficient machines in the cloud are under permanent laboratory observation with instruments carefully specified for each individual machine construction until the investigators manage to detect, attribute to the correct public key hash, and do all the necessary measurements on the 200 signings. I'll also note that, from the article, this is an OpenSSL (presumably temporary) weakness. Not Bitcoin's. Title: Re: Scientist-devised crypto attack Post by: Boris-The-Blade on March 09, 2014, 11:45:26 PM Just have to assume anything is possible these days.
Title: Re: Scientist-devised crypto attack Post by: MysteryMiner on March 09, 2014, 11:56:01 PM So is this legit ? Yes, but once an attacker has that level of access to your hardware all bets are off and for most people, bitcoin loss would be the least of their worries. Of course, big bitcoin holders might be targeted more, but really once an attacker is this close there are any number of other attacks that would be more practical.So your saying he would have to be in the same room ? So your saying he would have to be in the same room ? The risk is that if a private key to one or more addresses is reused on a shared machine, such as in cloud computing, it is possible to determine the private key. The researchers were able to determine the private key after 200 signings. I would think that using disposable addresses where a private key is used to sign a transaction only once, should minimize or eliminate the risk. Title: Re: Scientist-devised crypto attack Post by: ThirdRenaissance on March 10, 2014, 12:09:36 AM Is it theoretically possible to protect algorithms from side channel attacks by obfuscating their inner workings and fudging whatever signals they radiate?
Title: Re: Scientist-devised crypto attack Post by: amspir on March 10, 2014, 12:43:30 AM Is it theoretically possible to protect algorithms from side channel attacks by obfuscating their inner workings and fudging whatever signals they radiate? Most likely a future update to OpenSSL Title: Re: Scientist-devised crypto attack Post by: leckey on March 10, 2014, 01:36:47 AM Isn't it really just a flaw with Intel chips, rather than OpenSSL?
Title: Re: Scientist-devised crypto attack Post by: Taras on March 10, 2014, 02:28:39 AM It has to be efficient, they're SCIENTISTS! ::)
|