Researchers extract RSA encryption key from sound of working CPU

This blows my mind. :eek:
RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

Then there’s this:

But what about the Vorpel Protocol?

Okay, this is weird. I didn’t know what you meant by “Vorpel Protocol” so I googled it. The first hit was this thread. This was within 3 minutes of your post; and it’s labeled “20 hours ago - 2 posts - ‎2 authors”.

You didn’t know what I meant? Well, that makes two of us. I was making a gentle joke about my mystification over your post, which I didn’t understand in the least.

What my post means is that researchers have show that it’s possible to obtain a decryption key by analyzing the high frequency sounds given off by a CPU.

So, for example, if you are sitting in a Starbucks and you enter the password to read an encrypted super-secret email, someone nearby with a microphone and the right equipment can steal your password simply by recording the sounds of your computer.

But I’m still trying to figure out Google’s time travel trick.

Not really.
You need to have your computer process a particular file that the crypto software needs in order to obtain the key.

I’m still trying to figure out the trick where one local mom whitens her teeth so much all the local dentists hate her.

I think it is safe to say that if the NSA wants inside your computer, they will get inside your computer.

Hm what would happen with someone tapping their fingernails on the laptop case… I have an annoying habit of tapping on my case while I am waiting for stuff. No idea why or how I picked up the damned habit but I try to control it. But if it would confound the eavesdroppers I could stop trying to suppress it.:stuck_out_tongue:

True. I was trying to keep it non-technical. The point is that these techniques can be used to access encrypted data.

Of course they’d still need physical access to the actual file, although it strikes me that similar techniques may render that unnecessary.

But in the real world wouldn’t acoustic noise and RF noise render these attack ineffective? It seems to me that gathering this data in a laboratory setting is one thing, but pulling it off in a public place is another.

What this means is that, until the courts rule otherwise, the government(or anybody else with the proper equipment) can get confidential information from your supposedly encrypted files without a warrant.

But I don’t have any confidential information sniffle

There have been ways to do this type of thing for a while now, based on electromagnetic emissions from the computer. What blows my mind about this is that they’re using the physical vibrations of the CPU. It never would have crossed my mind that this was even remotely possible.

It’s conceivable that moving electrons around and flipping transistor states could cause some physical motion - we are manipulating matter after all - but the idea that those vibrations contain some useable information is something I would have dismissed out of hand.

You’ve got a few mistakes davidm. The sound is not from the chip but from the voltage regulation circuit. See Q2 here

Also, they are not accessing encrypted data, they are recovering the target’s RSA private key. They use the target’s public key to encrypt several text files known to the attacker and email them to the target. When the target opens the email GnuPG decrypts the text using the private key. By knowing what data is being decrypted and analyzing the sound generated they can recover the private key.

Yeah, well I have a lot of HUGE secrets that I don’t want anybody finding out about. Okay, well, I have couple of REALLY BIG secrets. Well, one that’s kinda secret, to me anyway. I got nothin’. :frowning:

What’s far more likely is that depending on the key, the processor does more or less work on the chosen plaintext, which triggers the system’s fan to go faster or slower.

Edit: Never mind, kferr actually read the synopsis and found the actual culprit.

I took “computer” to mean “CPU” but fair enough, you got me on that. Regarding your other point, my thread title makes it very clear that I was discussing the extraction of keys.

I remember a story a few years ago about duplicating the image on a CRT, based on the sounds the original made when displaying it. Pretty cool technology, along the same lines.

(ha! same lines!)

It is not time travel, it is simply predictive text. Should we really be surprised that Google, with its huge server farms and access to all human knowledge and everyone’s internet activity, can predict what Chefguy is going to post much sooner and much more completely and accurately than, say, a little phone could do? :wink:

What I can’t figure out is what they need the killer robots for.