[Arm-netbook] how to get 4096-bit RSA private keys for free.

Luke Kenneth Casson Leighton lkcl at lkcl.net
Wed Dec 18 23:44:38 GMT 2013


including from secure "Tempest" servers.  i find this hilarious.
they're using power-fluctuation analysis using either a physical
contact with the machine (skin-contact with the metal case is enough
but an earth point on the VGA or USB cable is better), or, my
favourite, listening for the distinctive sound made by
inductor-capacitor feedback loops in the power circuits.  apparently
some mobile phone microphones are just about good enough to hear the
20kHz+ whine: that's enough to determine the power consumption during
the RSA key calculations, and that's good enough to get any private
key.  takes a hell of a long time, but that's ok :)

all those "secure servers" out there?  all you have to do is lease
space to put in your own co-located server with an ultrasonic
microphone and it's game over for neighbouring web server
certificates.  absolutely hilarious.

sorry i just had to share this with someone.


