1024-bit RSA encryption cracked
A vulnerability was discovered in the implementation of the RSA algorithm, which allowed researchers to crack 1024-bit encryption. Fortunately, physical access to the holder of the “secret key” is necessary for hacking, so this is unlikely to affect large companies. As for the usual gadgets, it is enough not to lose sight of them. Doctoral student at the University of Michigan Andrea Pelegrini (Andrea Pellegrini) will report tomorrow on the work done at the “Design, Automation and Test in Europe” (DATE) conference in Dresden. But let's get to the point.
The attack on the algorithm was carried out by artificially causing errors by changing the voltage on the processor. As a result, there were errors in communication with other clients, and it was possible to get a small part of the key, and as soon as enough parts were collected, the key was restored offline. Everything took 104 hours of 81 Pentium 4 processors. The equipment did not suffer, there were no signs of hacking.
Despite the fact that the article describes only the vulnerability, scientists from the university stated that they offer a fairly simple solution to the problem. To do this, according to them, it is enough to apply a "salt", which allows changing the order of numbers randomly with each request for a key.
')
However, the researchers believe that the algorithm is still fairly secure and only expect some changes to the RSA in the near future.
For those who speak English - a link to the article on the university website and a full version of the article with all the technical details in PDF .
An important clarification from atd : the essence of the published research is not in the "RSA hacking" but in a neat implementation of a hardware error attack. Because Such a class of attacks was predicted a long time ago, and many have theorized about this. Now they have come up with a new approach to this type of attack and implemented it in relation to a certain hardware (FPGA-based SPARC).
The attack on the algorithm was carried out by artificially causing errors by changing the voltage on the processor. As a result, there were errors in communication with other clients, and it was possible to get a small part of the key, and as soon as enough parts were collected, the key was restored offline. Everything took 104 hours of 81 Pentium 4 processors. The equipment did not suffer, there were no signs of hacking.
Despite the fact that the article describes only the vulnerability, scientists from the university stated that they offer a fairly simple solution to the problem. To do this, according to them, it is enough to apply a "salt", which allows changing the order of numbers randomly with each request for a key.
')
However, the researchers believe that the algorithm is still fairly secure and only expect some changes to the RSA in the near future.
For those who speak English - a link to the article on the university website and a full version of the article with all the technical details in PDF .
An important clarification from atd : the essence of the published research is not in the "RSA hacking" but in a neat implementation of a hardware error attack. Because Such a class of attacks was predicted a long time ago, and many have theorized about this. Now they have come up with a new approach to this type of attack and implemented it in relation to a certain hardware (FPGA-based SPARC).
Source: https://habr.com/ru/post/86841/
All Articles