Researchers Find Way To Zap RSA Algorithm

alphadogg writes "Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and e-commerce servers. RSA authentication is susceptible, they say, to changes in the voltage supply to a private key holder. While guessing the 1,000-plus digits of binary code in a private key would take unfathomable hours, the researchers say that by varying electric current to a secured computer using an inexpensive purpose-built device they were able to stress out the computer and figure out the 1,024-bit private key in about 100 hours – all without leaving a trace. The researchers in their paper outline how they made the attack (PDF) on a SPARC system running Linux."

Linux on Sparc?

[newdsfornerds]

Gee, does anyone run Linux on Sparc in production, or know anyone who knows anyone who does or did? Heh.
Yeah I know these distros exist and work well. It's just an odd choice of platform, IMHO.

good news

[bugs2squash]

that it seems possible to defend against these attacks with a software change, for example validating the result before sending it.