Re: [tlug] Your computer is speaking your private key out loud?!

[Bruno Raoult <braoult@example.com>]

On Fri, Dec 20, 2013 at 4:46 AM, Nikolay Elenkov <nick@example.com> wrote:

Darren Cook writes:
>>> I fully understand how the sound of your CPU will change when under
>>> load. ...
>
>> CPU noises correspond to certain operations on the processor if you know
>> what code the processor is running you can match the noises back to the
>> code paths in the machine code for the program, ...
>
> When reading what you wrote, I realized I was wrong: I don't have a clue
> how my CPU makes sounds. (I was thinking of the CPU fan, and perhaps a
> small buzz from heat emission or from drawing power)
> I've just had a flashback about 30 years back to reading about p and n
> type silicon... and I still cannot find anything in my knowledge between
> then and now about how different CPU instructions could make different
> sounds!!

At least, even if it sounds difficult to believe this kind of attacks, it has been fixed

this morning on my Linux box. My latest Ubuntu update says:

 Version 1.4.14-1ubuntu2.1:

  * SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
    Cryptanalysis attack
    - debian/patches/CVE-2013-4576.patch: Use blinding for the RSA secret
      operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
      MPIs used as input to secret key functions in cipher/dsa.c,
      cipher/elgamal.c, cipher/rsa.c.
    - CVE-2013-4576

--
2 + 2 = 5, for very large values of 2.