Hacker News
by javajosh 959 days ago
How about ELI precocious 10 year old? Cosmic rays and thermal effects cause random bit flips in memory very infrequently. If you sit on a network and listen to TLS handshakes for long enough, you'll find that any given server will issue the wrong signature occasionally, because of these bit flips. If you record the wrong signature(s) and use a fancy algorithm, you can recover the private key.

While at first it may seem an unlikely attack, it's probably more real than you'd think, given the number of times any single server does TLS negotiation using a given private key. The attack becomes even more likely when you realize that multiple servers will be using the private key.

In practice, this gives middle boxes more power, and raises their profile in the threat model significantly. This also opens up the possibility of simply collecting transient failed TLS negotiation data from a large number of (legitimate) clients to reconstruct a private key.

1 comments

> Cosmic rays and thermal effects

Now put your tinfoil hat on and suppose you worked for a paramilitary organization that had infiltrated the top 2 semiconductor manufacturers. You persuade the silicon designers, when implementing hardware-accelerated crypto (or "management engines"), to not do their jobs quite perfectly, no, just leave room for a tiny bit of... error. Could never happen, right?
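
Added example, not part of the thread: why one faulty signature matters and the usual mitigation of verifying every signature before it leaves the signer. It assumes unpadded RSA signing with the CRT speed-up, which the top comment does not name; the key is a constructed toy key and all function names are hypothetical.

```python
import hashlib
from math import gcd

# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q, E = 2**61 - 1, 2**31 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)


def digest(msg: bytes) -> int:
    """Textbook RSA: hash reduced mod N, no padding (assumption for brevity)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign_crt(m: int, flip_bit: bool = False) -> int:
    """CRT signing; flip_bit simulates one transient bit flip in the mod-Q half."""
    sp, sq = pow(m, DP, P), pow(m, DQ, Q)
    if flip_bit:
        sq ^= 1
    return sq + Q * ((QINV * (sp - sq)) % P)  # Garner recombination


def verifies(m: int, sig: int) -> bool:
    """Public-key check, the same one any TLS client performs."""
    return pow(sig, E, N) == m


def factor_exposed(m: int, sig: int) -> int:
    """What a released signature gives away: 1 if sound, a prime of N if faulty."""
    g = gcd((pow(sig, E, N) - m) % N, N)
    return 1 if g == N else g


def sign_checked(m: int, flip_bit: bool = False, retries: int = 3) -> int:
    """Mitigation: verify with the public key and never release a bad signature."""
    for attempt in range(retries):
        # The simulated fault is transient, so it only hits the first attempt.
        sig = sign_crt(m, flip_bit=flip_bit and attempt == 0)
        if verifies(m, sig):
            return sig
    raise RuntimeError("signing kept failing verification; not releasing output")
```

The extra verification costs one public-key operation per signature, which is small next to the private-key operation it protects.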