[Ninux-Wireless] Attacco acustico contro GPG
Clauz
clauz a ninux.org
Lun 23 Dic 2013 11:56:45 CET
Dal suono del processore riescono ad estrarre la chiave privata PGP:
"""
Here, we describe a new acoustic cryptanalysis key extraction attack,
applicable to GnuPG's current implementation of RSA. The attack can
extract full 4096-bit RSA decryption keys from laptop computers (of
various models), within an hour, using the sound generated by the
computer during the decryption of some chosen ciphertexts. We
experimentally demonstrate that such attacks can be carried out, using
either a plain mobile phone placed next to the computer, or a more
sensitive microphone placed 4 meters away.
"""
http://www.cs.tau.ac.il/~tromer/acoustic/
Se avete la versione 1.x di GnuPG aggiornate!
http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000337.html
Clauz
-------------- parte successiva --------------
Un allegato non testuale รจ stato rimosso....
Nome: signature.asc
Tipo: application/pgp-signature
Dimensione: 263 bytes
Descrizione: OpenPGP digital signature
URL: <http://ml.ninux.org/pipermail/wireless/attachments/20131223/4e0c90ab/attachment-0001.sig>
Maggiori informazioni sulla lista
Wireless