How to Break Cryptography With Your Bare Hands - cgtyoder
http://www.technologyreview.com/news/530251/how-to-break-cryptography-with-your-bare-hands/

======
tptacek
The actual journal article this is taken from was on HN a few days back, and
has some comments:

[https://news.ycombinator.com/item?id=8153670](https://news.ycombinator.com/item?id=8153670)

------
linuxlizard
Obligatory XKCD apropos to "bare hands."
[https://xkcd.com/538/](https://xkcd.com/538/)

~~~
bitL
That was the first thing that popped up in my mind when I read the title ;-)

------
markbernard
For this to work they have to have the correct key in the first place. If I
encrypt something with my key and send it down the wire and they intercept it
and try it on a machine they own they wouldn't be able to decrypt it. This
requires them to be hooked to my machine while I am decrypting to get at the
key.

------
valarauca1
The biggest issue with this is reliability.

There are dozens if not hundreds of ways to break crypto on hardware that can
be done in laboratory conditions. But these are in laboratory conditions, not
somebody touching your laptop in a coffee shop.

~~~
sp332
These guys grabbed a signal of ~1 picowatt after filtering in a noisy
environment: [https://www.blackhat.com/presentations/bh-usa-09/BARISANI/BH...](https://www.blackhat.com/presentations/bh-usa-09/BARISANI/BHUSA09-Barisani-Keystrokes-SLIDES.pdf)
While this doesn't say anything about the reliability of the current
experiment, it probably works better than you'd think.

~~~
valarauca1
Okay, read the slides. It's cool but completely impractical.

The problem is, if two keyboards share the same ground plane and have roughly
the same frequency (i.e. same manufacturer), their signals will interfere
with each other constructively and destructively based on who is typing what.

They say the ground plane is noisy, but not noisy in the frequency they are
looking at. Which is idiotic. The EM frequency band all around us is _noisy_,
but in certain spectrum ranges it's completely dead. If you sample the entire
band it's noisy...

They didn't test something directly interfering with the device, which would
be roughly equivalent to two radio stations broadcasting on the same channel:
you couldn't hear anything sensible.

:.:.:

Not to mention their signals are still VERY noisy. I've worked in/around
signal processing, so you have to understand that if you want to predictably
read what is written.

[http://i.imgur.com/sJ90YPu.png](http://i.imgur.com/sJ90YPu.png)

As you can see, that's 3 different triggers of on/off. Dynamic filtering is, I
guess, possible, but you need to know what you're searching for to start with,
and build a model of likely signals, so you can compare the post-filtered
signal with what you expect post-filter to check correctness, and repeat until
you get within the tolerance of acceptable correctness. If it's a
computer-generated encryption key then you're looking for a pseudo-random bit
pattern, and you're just fucked.

Secondly

[http://i.imgur.com/gDvd7M1.png](http://i.imgur.com/gDvd7M1.png)

See, depending on which trigger you use, upper or lower, this signal will
actually change from 00100110001 to 00100111001. :\ The only way you can
_know_ which is correct is if you know what was given to start with.

:.:.:

I don't want to say it's completely unreliable because of that, but if that is
literally the best example they had to put on a slide then there can't be many
more _good_ samples.

~~~
short_circut
Idk when I see talks like this one.
[https://www.youtube.com/watch?v=5N1C3WB8c0o](https://www.youtube.com/watch?v=5N1C3WB8c0o)

~~~
valarauca1
Look, one university researcher stands up and says "Hey, I was looking for this
conjecture, so I designed a single experiment and confirmed it!"

You wouldn't quote it as scientific fact. In fact they'd be laughed out of the
journal. So why do we do that for defcon talks?

------
Fando
Mind blow.