Windows 7 - RSA 1024-bit encryption cracked

dmex · 03-10-2010

Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and e-commerce servers.

While guessing the 1,000-plus digits of binary code in a private key would take unfathomable hours, the researchers say that by varying electric current to a secured computer using an inexpensive purpose-built device they were able to stress out the computer and figure out the 1,024-bit private key in about 100 hours – all without leaving a trace.

RSA 1024-bit private key encryption cracked - Techworld.com

Researchers find weakness in common digital security system - University of Michigan

cloud8521 · 03-10-2010

100 hours still seems like alot of time to get into some things XD

arkhi · 03-10-2010

Compare that to the possible thousands of thousands of years it would take to simply guess.

cloud8521 · 03-10-2010

Quote: Originally Posted by arkhi

Compare that to the possible thousands of thousands of years it would take to simply guess.

i know, but its still not practical now is it XD

dmex · 03-11-2010

Quote: Originally Posted by cloud8521

Quote: Originally Posted by arkhi

Compare that to the possible thousands of thousands of years it would take to simply guess.

i know, but its still not practical now is it XD

No it wouldn't be practical for you maybe since you wouldn't be cracking any encrypted files, e-mails, SSL private keys, PGP encrypted hard-disks, games, consoles, etc.. but their all now vulnerable if you where using less than 1024bit encryption and the majority use 512bit halving the time down to 50 hours required to crack the protected key.

I did find it interesting that starving a machine of power could result in being able to crack the encryption easier.

Win7User512 · 03-11-2010

Quote: Originally Posted by cloud8521

100 hours still seems like alot of time to get into some things XD

100 hours <<<<<<<<<< Age of the Universe (14.5 Billion years)

Quote: Originally Posted by dmex

I did find it interesting that starving a machine of power could result in being able to crack the encryption easier.

Yes, that is surprising to me as well--And EXTREMELY worrisome.

brady · 03-11-2010

Am interested to see this practice being used for other 'cracks'.

Colonel Travis · 03-11-2010

To paraphrase Lee Corso - not so fast, my friend.

Quote:

Put very simply, the U of M researchers “compromised” RSA by performing the elegant equivalent of punching someone in the face until they give you the key. I think we can all agree that this is not a fundamental violation of the algorithm as Engadget suggests, nor is it a flaw that “RSA” (RSA is not an organization) needs to address.

I'm too stupid to verify or reject the U of M claim, just passing along an item I found reading about it.

dmex · 03-11-2010

Quote: Originally Posted by Colonel Travis

To paraphrase Lee Corso - not so fast, my friend.

Quote:

Put very simply, the U of M researchers “compromised” RSA by performing the elegant equivalent of punching someone in the face until they give you the key. I think we can all agree that this is not a fundamental violation of the algorithm as Engadget suggests, nor is it a flaw that “RSA” (RSA is not an organization) needs to address.

I'm too stupid to verify or reject the U of M claim, just passing along an item I found reading about it.

Any method that allows anybody to gain access to encrypted data in less than 100 hours is a weakness no matter if they need physical access.

If someone stole your machine you would hope your files are never recovered by the thief. Just think if your doctors laptop or your <inset bank employee or government with your personal data here> laptop was stolen, it would take them less than 100 hours to get all that data and yours.

ccatlett1984 · 03-11-2010

Physical access for 100hrs? So they have to steal the physical box to do this. This is a reason why we are moving to thinclients for security purposes, running the apps with confidential stuff on the citrix server.