[Simh] Fwd: VAX + Spectre

Liam Proven lproven at gmail.com
Wed Sep 18 02:42:22 CDT 2019


On Wed, 18 Sep 2019 at 02:19, Paul Koning via cctalk
<cctalk at classiccmp.org> wrote:
> > ...
> Speaking of timing, that reminds me of two amazing security holes written up in the past few years.  Nothing to do with the Spectre etc. issue.
>
> One is the recovery of speech from an encrypted VoIP channel such as Skype, by looking at the sizes of the encrypted data blocks.  (Look for a paper named "Hookt on fon-iks" by White et al.)  The fix for this is message padding.
>
> The other is the recovery of the RSA private key in a smartphone by listening to the sound it makes while decrypting.  The fix for this is timing tweaks in the decryption inner loop.  (Look for a paper by, among others, Adi Shamir, the S in RSA and one of the world's top cryptographers.)
>
> It's pretty amazing what ways people find to break into security mechanisms.

... Wow.

*Wow.*

Thanks for those!

-- 
Liam Proven - Profile: https://about.me/liamproven
Email: lproven at cix.co.uk - Google Mail/Hangouts/Plus: lproven at gmail.com
Twitter/Facebook/Flickr: lproven - Skype/LinkedIn: liamproven
UK: +44 7939-087884 - ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053


More information about the cctalk mailing list