Windows 7 Forums


Windows 7: RSA 1024-bit encryption cracked

11 Mar 2010   #11
zezasu

Windows Seven x64
 
 

For some reason when I read it I felt some kind of sadness pass through me and my face started cringing also. Anybody else?

I treat my car well despite pushing it really hard, but I make sure its fuel and oil and anything else that needs replacement gets fixed. Even halfway full makes me upset. The body of the car is something else but I still try to repair it the best. Anyways it applies for my computer also.


11 Mar 2010   #12
cloud8521

 

Quote: Originally Posted by ccatlett1984
Physical access for 100hrs? So they have to steal the physical box to do this. This is a reason why we are moving to thinclients for security purposes, running the apps with confidential stuff on the citrix server.
If 24 taught me anything, it's that you have a mole who will do this :O lol
12 Mar 2010   #13
rbmorse

Ubuntu Lunix and Windows 7
 
 

Quote: Originally Posted by ccatlett1984
This is a reason why we are moving to thinclients for security purposes, running the apps with confidential stuff on the citrix server.
Wow! Suddenly it's 1965!

(Not being critical...we do the same thing for the same reason).

12 Mar 2010   #14
Colonel Travis

Black Label 7 x64
 
 

Quote: Originally Posted by dmex
Any method that allows anybody to gain access to encrypted data in less than 100 hours is a weakness no matter if they need physical access.

If someone stole your machine you would hope your files are never recovered by the thief. Just think if your doctor's laptop or your <insert bank employee or government with your personal data here> laptop was stolen, it would take them less than 100 hours to get all that data and yours.
No, this is not the kind of scenario to fear. I finally read the U of M paper, and although some of it's pretty convoluted, there are a couple key points that are easy to understand.

1.) You need access to the machine that's doing the encrypting. You can't just take someone's laptop or smartphone, etc. and do this method. You don't need to physically have the encrypting machine, however you need to be close enough for the voltage manipulation. And, in this case, U of M needed access for 104 hours. I wish they had a picture of what their setup looked like. Sounds like it would be easy to notice. Of course, what if no one is looking for such a thing? I don't know. All I'm saying is that whoever tries this method has to be fairly conspicuous for almost an entire work week.

2.) The voltage manipulation involved is pretty sophisticated, in a controlled environment, on a specific type of system. That doesn't diminish what was done, but don't expect RSA breaches all over the world any time soon.
12 Mar 2010   #15
dmex

 

Quote: Originally Posted by Colonel Travis
No, this is not the kind of scenario to fear. I finally read the U of M paper, and although some of it's pretty convoluted, there are a couple key points that are easy to understand.

1.) You need access to the machine that's doing the encrypting. You can't just take someone's laptop or smartphone, etc. and do this method. You don't need to physically have the encrypting machine, however you need to be close enough for the voltage manipulation.
Each machine needs the ability to decrypt/encrypt data before the user is able to work on it, they would have software on their laptops for doing this so unless it was something like a backup tape that disappeared...

Quote:
And, in this case, U of M needed access for 104 hours. I wish they had a picture of what their setup looked like. Sounds like it would be easy to notice. Of course, what if no one is looking for such a thing? I don't know. All I'm saying is that whoever tries this method has to be fairly conspicuous for almost an entire work week.

2.) The voltage manipulation involved is pretty sophisticated, in a controlled environment, on a specific type of system. That doesn't diminish what was done, but don't expect RSA breaches all over the world any time soon.
I'm sure an easy set of instructions will come out on our favorite forum for these things.
12 Mar 2010   #16
Colonel Travis

Black Label 7 x64
 
 

Quote: Originally Posted by dmex
Each machine needs the ability to decrypt/encrypt data before the user is able to work on it, they would have software on their laptops for doing this so unless it was something like a backup tape that disappeared...
To clarify, this is what the U of M people did:
Quote:
Our fault-based attack can extract a server's private key by injecting faults in the server's hardware, which produces intermittent computational errors during the authentication of a message. We then use our extraction algorithm to compute the private key d from several unique messages m and their corresponding erroneous signatures s.
In other words, it cannot be used against a client computer or device. Now, they also said their method could be used against bus encryption, but you don't find that sort of thing in personal devices, unless you wear a backpack with an ATM in it.

Here's the direct link to their paper in pdf.

By the way, anyone who wants to try this probably has enough information to go by from that pdf. This is what I find amusing about these kinds of papers. Under the guise of The University Study, we found a way to screw planet earth and here's how we did it. Of course, security people never stop tweaking. Cat-and-mousing never ends.
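The abstract quoted above depends on the server sending out signatures that it computed incorrectly. A common software countermeasure is to verify each signature with the public key before releasing it. The sketch below is an added example, not code from this thread or from the paper; the toy RSA parameters are constructed, and the `fault_step` / `fault_bit` arguments are hypothetical hooks that flip one bit to stand in for a transient hardware error.

```python
# Added illustration: toy RSA parameters, constructed for this example only
# (far too small for real use; real systems use padding and a vetted library).
P, Q = 61, 53
N = P * Q                              # public modulus, 3233
E = 17                                 # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, 2753 (Python 3.8+)


class FaultDetected(Exception):
    """Raised when a computed signature fails its own verification."""


def modexp(base, exp, mod, fault_step=None, fault_bit=0):
    """Left-to-right square-and-multiply.

    fault_step / fault_bit are hypothetical test hooks: after the given loop
    step, one bit of the running value is flipped to mimic a transient
    computational error. They do not model any particular hardware.
    """
    acc = 1
    for step, bit in enumerate(bin(exp)[2:]):
        acc = (acc * acc) % mod
        if bit == "1":
            acc = (acc * base) % mod
        if step == fault_step:
            acc ^= 1 << fault_bit
    return acc % mod


def sign_unchecked(m, **fault):
    """Returns whatever the exponentiation produced, correct or not."""
    return modexp(m, D, N, **fault)


def sign_checked(m, **fault):
    """Verifies s^E mod N == m before releasing s; a faulty s never leaves."""
    s = modexp(m, D, N, **fault)
    if pow(s, E, N) != m % N:
        raise FaultDetected("signature failed self-check; not released")
    return s


if __name__ == "__main__":
    m = 65                             # constructed sample message value
    print("good signature:", sign_checked(m))
    print("faulty, unchecked:", sign_unchecked(m, fault_step=11, fault_bit=3))
    try:
        sign_checked(m, fault_step=11, fault_bit=3)
    except FaultDetected as err:
        print("checked signer:", err)
```

The self-check costs one exponentiation with the small public exponent per signature, which is cheap next to the private-key operation it protects.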
11 Dec 2011   #17
spyder5157

Windows 7 Ultimate x32
 
 

HOW LONG till the actual method used (building the voltage regulator, etc.) details are released? Either RSA is paying an ENORMOUS amount of money for them to keep that quiet, or something. I realize they want to wait and present their paper, BUT, why are the details of HOW it is done released?

I know there are a million things to crack, but I will tell you what drives me crazy, the fact that Motorola will NOT unlock the bootloaders on their Android Phones. They are there, but 1024 bit encrypted...I would just love to crack that sucker open. And that is something not illegal, it's my device. (Motorola actually PROMISED to ship all the devices unlocked, and they are.....IN EUROPE.....Here VERIZON SAID you do that, we don't buy...that simple..Corporate BS)..

ANYWAY, like I said, where are the real details of how it is done?

Spyder
11 Dec 2011   #18
lehnerus2000

W7 Ultimate SP1, LM18.2 MATE, W10 Home, #All 64 bit
 
 

Now that a method has been discovered other people will be able to improve on it.

WPA-TKIP was cracked by some researchers.
Several other groups used that info to develop their own methods, which also cracked it.

I wouldn't be surprised if the same thing happens in this case too.
12 Dec 2011   #19
FuturDreamz

Windows 8 Pro (32-bit)
 
 

Isn't this more of a hardware issue, where when a chip's voltage is too low to operate properly it should disable itself? Encryption chips should do this.
12 Dec 2011   #20
lehnerus2000

W7 Ultimate SP1, LM18.2 MATE, W10 Home, #All 64 bit
 
 

I assume that it is hardware related (based on the article).
It might be possible to reproduce the effect some other way (once it has been thoroughly analysed).