<p dir="ltr">The voltage regulator vibrates slightly and this emits sounds when it tries to keep the voltage stable as the CPU switches between computations that require different amounts of power.</p>
<p dir="ltr">They found that they could use the timing info that they could extract from the sound to see for how long the CPU was performing certain parts of the RSA computations, and combined with the ability to perform a chosen plaintext attack (telling the computer what to encrypt) they could figure out the private key after half an hour of encryption of various data. </p>
<p dir="ltr">- Sent from my phone</p>
<div class="gmail_quote">Den 20 dec 2013 19:26 skrev "Lee Azzarello" <<a href="mailto:lee@guardianproject.info">lee@guardianproject.info</a>>:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I'd like to focus on the "acoustic emanations" part. What's up with that? Remember Van Eck phreaking? Theoretically possible but only good for fiction writing in reality. <div><br></div><div>-lee<br><br>
On Wednesday, December 18, 2013, Nathan of Guardian wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
>From GnuPG:<br>
<a href="http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html" target="_blank">http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html</a><br>
<br>
"The second attack is more serious. Â It is an adaptive chosen ciphertext<br>
attack to reveal the private key. Â A possible scenario is that the<br>
attacker places a sensor (for example a standard smartphone) in the<br>
vicinity of the targeted machine. Â That machine is assumed to do<br>
unattended RSA decryption of received mails, for example by using a mail<br>
client which speeds up browsing by opportunistically decrypting mails<br>
expected to be read soon. Â While listening to the acoustic emanations of<br>
the targeted machine, the smartphone will send new encrypted messages to<br>
that machine and re-construct the private key bit by bit. Â A 4096 bit<br>
RSA key used on a laptop can be revealed within an hour."<br>
_______________________________________________<br>
Guardian-dev mailing list<br>
<br>
Post: <a>Guardian-dev@lists.mayfirst.org</a><br>
List info: <a href="https://lists.mayfirst.org/mailman/listinfo/guardian-dev" target="_blank">https://lists.mayfirst.org/mailman/listinfo/guardian-dev</a><br>
<br>
To Unsubscribe<br>
    Send email to:  <a>Guardian-dev-unsubscribe@lists.mayfirst.org</a><br>
    Or visit: <a href="https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info" target="_blank">https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info</a><br>
<br>
You are subscribed as: <a>lee@guardianproject.info</a><br>
</blockquote></div>
<br>_______________________________________________<br>
Guardian-dev mailing list<br>
<br>
Post: <a href="mailto:Guardian-dev@lists.mayfirst.org">Guardian-dev@lists.mayfirst.org</a><br>
List info: <a href="https://lists.mayfirst.org/mailman/listinfo/guardian-dev" target="_blank">https://lists.mayfirst.org/mailman/listinfo/guardian-dev</a><br>
<br>
To Unsubscribe<br>
    Send email to:  <a href="mailto:Guardian-dev-unsubscribe@lists.mayfirst.org">Guardian-dev-unsubscribe@lists.mayfirst.org</a><br>
    Or visit: <a href="https://lists.mayfirst.org/mailman/options/guardian-dev/natanael.l%40gmail.com" target="_blank">https://lists.mayfirst.org/mailman/options/guardian-dev/natanael.l%40gmail.com</a><br>
<br>
You are subscribed as: <a href="mailto:natanael.l@gmail.com">natanael.l@gmail.com</a><br>
<br></blockquote></div>