March 9, 2010 at 12:34Hacked 1024-bit RSA encryption
A vulnerability was discovered in the implementation of the RSA algorithm, which allowed researchers to crack 1024-bit encryption. Fortunately, hacking requires physical access to the “secret key” holder, so this is unlikely to affect large companies. As for ordinary gadgets, it’s enough not to lose sight of them. Andrea Pellegrini, a doctoral student at the University of Michigan, will present his progress report tomorrow at the Design, Automation and Test in Europe (DATE) conference in Dresden. But let's get to the point.
The attack on the algorithm was carried out by artificially causing errors by changing the voltage on the processor. As a result, there were errors in communication with other clients, and it was possible to get a small part of the key, and as soon as enough parts were collected, the key was restored offline. Everything about everything took 104 hours of operation of 81 Pentium 4 processors. The equipment was not affected, there were no traces of hacking.
Despite the fact that the article describes only vulnerability, scientists from the university said that they offer a fairly simple solution to the problem. To do this, according to them, it is enough to use the “salt”, which allows you to change the order of numbers randomly with each key request.
Be that as it may, the researchers believe that the algorithm is still quite secure and expect only some changes to the RSA in the near future.
For those who speak English - a link to an article on the university website and a full version of the article with all technical details in PDF .
An important clarification from atd : the essence of the published study is not in “hacking RSA”, but in accurately implementing an attack based on iron errors. Because such a class of attacks was predicted a long time ago, and a lot has been theorized about this. Now they have come up with a new approach to this type of attack and implemented in relation to a certain hardware (FPGA-based SPARC).
The attack on the algorithm was carried out by artificially causing errors by changing the voltage on the processor. As a result, there were errors in communication with other clients, and it was possible to get a small part of the key, and as soon as enough parts were collected, the key was restored offline. Everything about everything took 104 hours of operation of 81 Pentium 4 processors. The equipment was not affected, there were no traces of hacking.
Despite the fact that the article describes only vulnerability, scientists from the university said that they offer a fairly simple solution to the problem. To do this, according to them, it is enough to use the “salt”, which allows you to change the order of numbers randomly with each key request.
Be that as it may, the researchers believe that the algorithm is still quite secure and expect only some changes to the RSA in the near future.
For those who speak English - a link to an article on the university website and a full version of the article with all technical details in PDF .
An important clarification from atd : the essence of the published study is not in “hacking RSA”, but in accurately implementing an attack based on iron errors. Because such a class of attacks was predicted a long time ago, and a lot has been theorized about this. Now they have come up with a new approach to this type of attack and implemented in relation to a certain hardware (FPGA-based SPARC).