[Simh] Fwd: VAX + Spectre

Chris Elmquist chrise at pobox.com
Wed Sep 18 11:59:34 CDT 2019


On Wednesday (09/18/2019 at 09:19AM -0700), Guy Sotomayor Jr via cctalk wrote:
> 
> 
> > On Sep 18, 2019, at 12:42 AM, Liam Proven via cctalk <cctalk at classiccmp.org> wrote:
> > 
> > On Wed, 18 Sep 2019 at 02:19, Paul Koning via cctalk
> > <cctalk at classiccmp.org> wrote:
> >>> ...
> >> Speaking of timing, that reminds me of two amazing security holes written up in the past few years.  Nothing to do with the Spectre etc. issue.
> >> 
> >> One is the recovery of speech from an encrypted VoIP channel such as Skype, by looking at the sizes of the encrypted data blocks.  (Look for a paper named "Hookt on fon-iks" by White et al.)  The fix for this is message padding.
> >> 
> >> The other is the recovery of the RSA private key in a smartphone by listening to the sound it makes while decrypting.  The fix for this is timing tweaks in the decryption inner loop.  (Look for a paper by, among others, Adi Shamir, the S in RSA and one of the world's top cryptographers.)
> >> 
> >> It's pretty amazing what ways people find to break into security mechanisms.
> > 
> > ... Wow.
> > 
> > *Wow.*
> > 
> > Thanks for those!
> 
> In the deep dark days of yore, I recall an actual demonstration of being able to read/replicate the contents of the screen (CRT) of a PC by looking at the AC (e.g. mains) that the PC was plugged into.  Admittedly it was relatively low fidelity, but yikes!

https://en.wikipedia.org/wiki/Van_Eck_phreaking

-- 
Chris Elmquist


More information about the cctalk mailing list