Thursday, June 25, 2015

pita bread trickery

As can be read here, its known since quite some time that the
CPU is emitting frequencies upon operation which contains
enough "signature" so that crypto keys may be
recovered. This happens namely during RSA decryption
and signing operations. As this is a public paper using
public available SDRs and thinking 20years ahead, theres
good chance that there are setups today with antennas and sufficient DSP computing power that may recover keys from a far larger distance than just the mentioned 50cm.

What does that mean for opmsg?

In the new version (1.3), I enabled RSA-blinding during decryption and signing. During "normal operation" due to the DH 
keys in use, there should be no attack surface. In the worst case
the attacker just recovers the private half of the DH key of
his own specially crafted message.
Further, opmsg verifies integrity of the sender before any 
decryption so you cant decrypt specially crafted messages (as 
required in the paper) from strangers who hope to capture
signals once the message is processed.
Its already recommended (and easy to setup) to use a dedicated 
persona for each peer. If you follow that guideline, even
w/o RSA blinding the attacker can just decrypt his own messages.

What else is new?

 o The use of RSA-fallback mode can now be seen in output
 o it is possible to --burn keys (only use once)

No comments: