Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and e-commerce servers.
While guessing the 1,000-plus digits of binary code in a private key would take unfathomable hours, the researchers say that by varying electric current to a secured computer using an inexpensive purpose-built device they were able to stress out the computer and figure out the 1,024-bit private key in about 100 hours – all without leaving a trace.
RSA 1024-bit private key encryption cracked - Techworld.com
Researchers find weakness in common digital security system - University of Michigan
100 hours still seems like a lot of time to get into some things XD
Compare that to the possible thousands of thousands of years it would take to simply guess.
No, it wouldn't be practical for you maybe, since you wouldn't be cracking any encrypted files, e-mails, SSL private keys, PGP encrypted hard-disks, games, consoles, etc., but they're all now vulnerable if you were using less than 1024-bit encryption, and the majority use 512-bit, halving the time down to 50 hours required to crack the protected key.
I did find it interesting that starving a machine of power could result in being able to crack the encryption easier.
To paraphrase Lee Corso - not so fast, my friend.
I'm too stupid to verify or reject the U of M claim, just passing along an item I found reading about it.
Put very simply, the U of M researchers “compromised” RSA by performing the elegant equivalent of punching someone in the face until they give you the key. I think we can all agree that this is not a fundamental violation of the algorithm as Engadget suggests, nor is it a flaw that “RSA” (RSA is not an organization) needs to address.
Any method that allows anybody to gain access to encrypted data in less than 100 hours is a weakness no matter if they need physical access.
If someone stole your machine you would hope your files are never recovered by the thief. Just think if your doctor's laptop or your <insert bank employee or government with your personal data here> laptop was stolen, it would take them less than 100 hours to get all that data and yours.
Physical access for 100hrs? So they have to steal the physical box to do this. This is a reason why we are moving to thin clients for security purposes, running the apps with confidential stuff on the Citrix server.