|
Liquid (OP)
|
 |
March 06, 2014, 04:05:13 PM |
|
|
Bitcoin will show the world what hard money really is.
|
|
|
|
|
|
|
|
|
|
|
|
"I'm sure that in 20 years there will either be very large transaction volume or no volume." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
Blinken
|
|
March 06, 2014, 05:11:53 PM |
|
LOL side channel.
Yeah, I am cracking your computer by measuring the temperature fluctuations outside your house.
|
Bitcoin ♦♦♦ Trust in Mathematics, Not Bankers ♦♦♦
|
|
|
|
Liquid (OP)
|
|
March 07, 2014, 01:13:49 AM |
|
So is this legit ?
|
Bitcoin will show the world what hard money really is.
|
|
|
|
grifferz
|
|
March 07, 2014, 01:16:55 AM |
|
So is this legit ?
Yes, but once an attacker has that level of access to your hardware all bets are off and for most people, bitcoin loss would be the least of their worries. Of course, big bitcoin holders might be targeted more, but really once an attacker is this close there are any number of other attacks that would be more practical. |
|
|
|
|
|
Liquid (OP)
|
|
March 09, 2014, 08:28:45 AM |
|
So is this legit ?
Yes, but once an attacker has that level of access to your hardware all bets are off and for most people, bitcoin loss would be the least of their worries. Of course, big bitcoin holders might be targeted more, but really once an attacker is this close there are any number of other attacks that would be more practical. So your saying he would have to be in the same room ? |
Bitcoin will show the world what hard money really is.
|
|
|
amspir
Member
 Offline
Activity: 112
Merit: 10
|
|
March 09, 2014, 03:30:58 PM |
|
So your saying he would have to be in the same room ?
The risk is that if a private key to one or more addresses is reused on a shared machine, such as in cloud computing, it is possible to determine the private key. The researchers were able to determine the private key after 200 signings. I would think that using disposable addresses where a private key is used to sign a transaction only once, should minimize or eliminate the risk. |
|
|
|
|
|
FeedbackLoop
|
|
March 09, 2014, 04:51:48 PM
Last edit: March 10, 2014, 04:22:25 AM by FeedbackLoop |
|
The risk is that if a private key to one or more addresses is reused on a shared machine, such as in cloud computing, it is possible to determine the private key. The researchers were able to determine the private key after 200 signings.
Assuming, of course, that all the electro-magnetic signal of sufficient machines in the cloud are under permanent laboratory observation with instruments carefully specified for each individual machine construction until the investigators manage to detect, attribute to the correct public key hash, and do all the necessary measurements on the 200 signings. I'll also note that, from the article, this is an OpenSSL (presumably temporary) weakness. Not Bitcoin's. |
|
|
|
|
|
Boris-The-Blade
|
|
March 09, 2014, 11:45:26 PM |
|
Just have to assume anything is possible these days.
|
|
|
|
|
MysteryMiner
Legendary
Offline
Activity: 1470
Merit: 1029
Show middle finger to system and then destroy it!
|
|
March 09, 2014, 11:56:01 PM |
|
So is this legit ?
Yes, but once an attacker has that level of access to your hardware all bets are off and for most people, bitcoin loss would be the least of their worries. Of course, big bitcoin holders might be targeted more, but really once an attacker is this close there are any number of other attacks that would be more practical. So your saying he would have to be in the same room ? Even closer. He wold have to run code on the same CPU. So your saying he would have to be in the same room ?
The risk is that if a private key to one or more addresses is reused on a shared machine, such as in cloud computing, it is possible to determine the private key. The researchers were able to determine the private key after 200 signings. I would think that using disposable addresses where a private key is used to sign a transaction only once, should minimize or eliminate the risk. Never ever use shared computer or cloud computing for anything. 95% of attack vectors closed. |
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
|
|
|
ThirdRenaissance
Newbie
Offline
Activity: 30
Merit: 0
|
|
March 10, 2014, 12:09:36 AM |
|
Is it theoretically possible to protect algorithms from side channel attacks by obfuscating their inner workings and fudging whatever signals they radiate?
|
|
|
|
|
amspir
Member
Offline
Activity: 112
Merit: 10
|
|
March 10, 2014, 12:43:30 AM |
|
Is it theoretically possible to protect algorithms from side channel attacks by obfuscating their inner workings and fudging whatever signals they radiate?
Most likely a future update to OpenSSL |
|
|
|
|
|
leckey
|
|
March 10, 2014, 01:36:47 AM |
|
Isn't it really just a flaw with Intel chips, rather than OpenSSL?
|
|
|
|
Taras
Legendary
Offline
Activity: 1386
Merit: 1053
Please do not PM me loan requests!
|
|
March 10, 2014, 02:28:39 AM |
|
It has to be efficient, they're SCIENTISTS!  |
|
|
|
|
|
