Researchers discover security flaw in microchips

upi402

(1000+ posts) Send PM | Profile | Ignore

Sun Nov-19-06 02:59 PM
Original message

Researchers discover security flaw in microchips

"Security has been sacrificed for the benefit of performance," French daily Le Monde quoted Seifert as saying Saturday.

The danger of hackers breaking into computer chips, using a technique known as Branch Prediction Analysis (PBA), previously necessitated a very large number of attempts to decipher a cryptology key.

But Seifert's research envisages that hackers will find it far easier and quicker in the future using a small piece of spy software that tracks microchips.

In a still-confidential study, Seifert and his colleagues explain how they managed "in only one attempt" to obtain a 512-bit encryption key in just a few thousandths of a second.

http://www.physorg.com/news83072716.html

Printer Friendly | Permalink | | Top

cosmik debris

(1000+ posts) Send PM | Profile | Ignore

Sun Nov-19-06 03:27 PM
Response to Original message

1. Does this mean the end of PGP? n/t

Printer Friendly | Permalink | | Top

Irreverend IX

(1000+ posts) Send PM | Profile | Ignore

Sun Nov-19-06 03:35 PM
Response to Original message

2. Hackers breaking into computer chips? haha

Another technology writer who obviously knows nothing about technology. I'm interested in knowing how you'd "break into" a solid-state hunk of silicon. I think the study's actual finding is that hackers have found a way to predict what sort of cryptography keys certain processors will create. I believe that producing secure encryption keys requires the CPU to create some random numbers, and chipmakers cut corners in such a way that their chips spit out easily predictable, quasi-random numbers, which allows encryption keys to be quickly cracked by someone who has a program that predicts the numbers a given chip will produce.

Printer Friendly | Permalink | | Top

Kagemusha

(1000+ posts) Send PM | Profile | Ignore

Sun Nov-19-06 03:44 PM
Response to Reply #2

3. Sounds like you're right...

The article's just poorly presenting the point.

Printer Friendly | Permalink | | Top

upi402

(1000+ posts) Send PM | Profile | Ignore

Sun Nov-19-06 04:57 PM
Response to Reply #2

4. Thanks, I'm no expert but was curious

if this was a valid concern.

So what is the current, best security/privacy? Is PGP still it?
For me it needs to be user-friendly.

Printer Friendly | Permalink | | Top

Irreverend IX

(1000+ posts) Send PM | Profile | Ignore

Sun Nov-19-06 05:43 PM
Response to Reply #4

5. I don't think the program you use makes a difference...

It's the processor you have. I'd think that as long as your processor can produce relatively unpredictable numbers, you'll be able to create secure PGP keys. But the article says nothing about which processors have the problem and which don't, so there's no way to know yet whether or not your CPU can create safe keys.

Printer Friendly | Permalink | | Top

DU AdBot (1000+ posts)

Thu Apr 25th 2024, 06:46 PM
Response to Original message

Advertisements [?]

Top

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.