[Simh] Fwd: VAX + Spectre

Guy Sotomayor Jr ggs at shiresoft.com
Wed Sep 18 12:14:00 CDT 2019 


> On Sep 18, 2019, at 9:59 AM, Chris Elmquist <chrise at pobox.com> wrote:
> 
> On Wednesday (09/18/2019 at 09:19AM -0700), Guy Sotomayor Jr via cctalk wrote:
>> 
>> 
>>> On Sep 18, 2019, at 12:42 AM, Liam Proven via cctalk <cctalk at classiccmp.org> wrote:
>>> 
>>> On Wed, 18 Sep 2019 at 02:19, Paul Koning via cctalk
>>> <cctalk at classiccmp.org> wrote:
>>>>> ...
>>>> Speaking of timing, that reminds me of two amazing security holes written up in the past few years.  Nothing to do with the Spectre etc. issue.
>>>> 
>>>> One is the recovery of speech from an encrypted VoIP channel such as Skype, by looking at the sizes of the encrypted data blocks.  (Look for a paper named "Hookt on fon-iks" by White et al.)  The fix for this is message padding.
>>>> 
>>>> The other is the recovery of the RSA private key in a smartphone by listening to the sound it makes while decrypting.  The fix for this is timing tweaks in the decryption inner loop.  (Look for a paper by, among others, Adi Shamir, the S in RSA and one of the world's top cryptographers.)
>>>> 
>>>> It's pretty amazing what ways people find to break into security mechanisms.
>>> 
>>> ... Wow.
>>> 
>>> *Wow.*
>>> 
>>> Thanks for those!
>> 
>> In the deep dark days of yore, I recall an actual demonstration of being able to read/replicate the contents of the screen (CRT) of a PC by looking at the AC (e.g. mains) that the PC was plugged into.  Admittedly it was relatively low fidelity, but yikes!
> 
> https://en.wikipedia.org/wiki/Van_Eck_phreaking <https://en.wikipedia.org/wiki/Van_Eck_phreaking>

Cool!

Yea, I had to make a trip to a “secure facility” once and there were entire “tempest” rooms with conditioned power and no external communications equipment.  The room itself (think *large*) was a faraday cage with a vault door that was kept closed when ever there was sensitive stuff going on.  Since I didn’t have a security clearance, the door was open and everywhere I went there were red lights in the rooms/halls that I was in that would be on to indicate that no sensitive information should be discussed (makes you feel really wanted).  ;-)

TTFN - Guy

More information about the cctalk mailing list