
Researchers find way to zap RSA security scheme - rosser
http://www.networkworld.com/news/2010/030410-rsa-security-attack.html?hpg1=bn
======
jrockway
Ugh, reading mainstream articles about cryptography is painful. I like how
they claim a brute-force attack would take "hours". I guess you can measure
the lifetime of the Unvierse in hours... technically...

Side-channel attacks are nice, but IMO, they are mostly good for breaking
things like DRM. You cannot go to your bank's datacenter and measure the
voltage the processor consumes while encrypting your transactions. You can,
however, do that to your DVD player.

So while real cryptography is not broken, DRM is. Of course, we already knew
that.

~~~
stcredzero
Reading mainstream articles about X is painful.

Only enjoyable if you are almost totally ignorant about X. Works for all X.
Tells you something about the target audience of the mainstream media.

How about a "Metajournalist" site? A Wikipedia-style site where we can collect
all of these technical bloopers, listed by author?

------
cperciva
Fault attacks on crypto are not new; but it's always interesting to see new
variations. The world is not ending, but people who do crypto in hostile
environments have another reason to be careful.

------
zitterbewegung
Researchers find a side channel attack on RSA.....

------
teilo
Yet another alarmist title. No, RSA hasn't been zapped. Not even remotely
close.

For those not wishing to slog through this paper, here's what it amounts to:
If you can get close enough to the hardware that is encrypting data, and have
sensitive enough equipment, you may be able to grab enough of the data to
break the encryption through various indirect means.

Interesting, sure, but pretty much meaningless. It should always be assumed no
system is secure when it is physically accesible by an attacker.

