All times are UTC-06:00




 Post subject: Cryptography useless?
PostPosted: Sat Nov 18, 2006 3:37 pm 

Joined: Tue Aug 15, 2006 5:08 am
Posts: 50
Location: France
Has anyone here heard about the study by Jean-Pierre Seifert (universities of Haifa and Innsbruck) about the vulnerability of processors against attacks toward private/public keys used in cryptographic algorithms?

It seems to spy on calculation time and branch prediction to "guess" a 512-bit key in a few milliseconds...

An article in "Le Monde (France)" often speaks about Intel being desperate since this news has been publicly available...

Are all CPU architectures vulnerable?


 Post subject:
PostPosted: Sat Nov 18, 2006 5:33 pm 
Genesi

Joined: Mon Jan 30, 2006 2:28 am
Posts: 409
Location: Finland
Hi.

I wouldn't start a panic. This attack is only viable if both attacker and victim are on the same machine, so it isn't going to affect e.g., SSL.
Besides, it targets the RSA implementation, not the algorithm itself.

It is only effective on Pentium 4 CPUs; POWER etc. are unaffected. (The BTB cache on Pentium IV makes this work.)

Important lesson from this however, is that untrusting parties should not share the same computing resources, which is just common sense to me.

One more thing, this attack is nothing new - it has been known for several months. This is just an optimised version.


Best regards,
Johan

_________________
Johan Dams, Genesi USA Inc.
Director, Software Engineering

Yep, I have a blog... PurpleAlienPlanet
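
The distinction drawn in the post above (the attack targets the RSA implementation, not the algorithm) is illustrated by the following added example, which is not part of the original thread. It puts a square-and-multiply exponentiation whose branch depends on each private-exponent bit beside a Montgomery ladder that does the same work for every bit; the function names and the 32-bit toy key are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* (a * b) mod m for 32-bit operands; the 64-bit product cannot overflow.
 * Note: `%` itself may not be constant-time; real code uses Montgomery form. */
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m) {
    return (uint32_t)(((uint64_t)a * b) % m);
}

/* Branch-free select: returns a when bit == 1, b when bit == 0. */
static uint32_t ct_select(uint32_t bit, uint32_t a, uint32_t b) {
    uint32_t mask = (uint32_t)0 - bit;        /* all ones or all zeros */
    return (a & mask) | (b & ~mask);
}

/* Square-and-multiply: the `if` is taken only for 1-bits of the private
 * exponent d, so branch history and running time both follow the key. */
uint32_t modexp_branchy(uint32_t base, uint32_t d, uint32_t n) {
    uint32_t r = 1 % n;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, n);
        if ((d >> i) & 1)
            r = mulmod(r, base, n);
    }
    return r;
}

/* Montgomery ladder: one multiply and one square per bit whatever its value,
 * with masked selects in place of the key-dependent branch. */
uint32_t modexp_ladder(uint32_t base, uint32_t d, uint32_t n) {
    uint32_t r0 = 1 % n, r1 = base % n;       /* invariant: r1 == r0 * base */
    for (int i = 31; i >= 0; i--) {
        uint32_t bit  = (d >> i) & 1;
        uint32_t a    = ct_select(bit, r1, r0);   /* operand to square */
        uint32_t prod = mulmod(r0, r1, n);
        uint32_t sq   = mulmod(a, a, n);
        r0 = ct_select(bit, prod, sq);
        r1 = ct_select(bit, sq, prod);
    }
    return r0;
}

int main(void) {
    /* Constructed textbook toy key: n = 61 * 53 = 3233, e = 17, d = 2753. */
    printf("branchy: %u\n", (unsigned)modexp_branchy(2790, 2753, 3233));
    printf("ladder:  %u\n", (unsigned)modexp_ladder(2790, 2753, 3233));
    return 0;
}
```

Both functions compute the same RSA result; only the second keeps the sequence of branches and multiplications independent of the key bits.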


 Post subject:
PostPosted: Sun Nov 19, 2006 1:45 am 
About encryption, there is also a big problem with Wifi's WEP encryption (and also WPA-PSK?) as it can now be cracked easily.
Anyone having the adequate software and card can crack his neighbour's wifi connection and use it for surfing for free, and maybe do more "horrible" things as it uses the MAC address of the attacked computer, so it's recognized as a computer of the local network.
It seems that you can also watch what is inside the emails (not sure of that)...

So I think that the rule is the following: if you have sensitive files, never use a wifi connection while the HD containing those files is connected and accessible at the same time!


 Post subject:
PostPosted: Sun Nov 19, 2006 5:01 am 

Joined: Sun May 08, 2005 8:46 pm
Posts: 559
Location: Paris
I don't use WEP or WPA, I give access to my wifi connection for my computers only (MAC addresses registered).

Let's not get paranoid. Usually people concerned by security (I'm not talking about professionals) have nothing to secure! I don't care if someone gets into my network, and watches my family pictures, reads my personal email and all that stuff. I have nothing to hide. No forbidden porn and I'm not cheating on my wife!


 Post subject:
PostPosted: Sun Nov 19, 2006 10:59 am 

Joined: Tue Aug 15, 2006 5:08 am
Posts: 50
Location: France
I didn't want to start a panic.

But, I think there's a big problem if x86 machines cannot store encrypted data if they are unable to keep a private key private...


 Post subject:
PostPosted: Mon Nov 20, 2006 3:37 pm 

Joined: Fri Sep 24, 2004 1:39 am
Posts: 429
Location: Secure Networks / Sweden
SoundSquare:
So you never transfer anything privately over the Internet?
No online banking? No online shopping? No personal data that
can be sold to spammers?

Not encrypting WiFi is pretty damn stupid. Anyone who wants
can decrypt WPA but it's less likely than all those who read
what you transfer unencrypted.

My teacher once told me that there is a higher probability that
more people read your personal e-mails than who reads that
classified you put up at your local grocery store..


 Post subject:
PostPosted: Tue Dec 12, 2006 9:53 am 

Joined: Tue Feb 07, 2006 8:01 pm
Posts: 4
Quote:
I don't use WEP or WPA, I give access to my wifi connection for my computers only (MAC addresses registered).

It is so easy to spoof a MAC address...


 Post subject:
PostPosted: Tue Dec 12, 2006 10:21 am 

Joined: Sun May 08, 2005 8:46 pm
Posts: 559
Location: Paris
Quote:
My teacher once told me that there is a higher probability that
more people read your personal e-mails than who reads that
classified you put up at your local grocery store..

I do agree, and as everything can be cracked I don't really see the point in saying that the way I do is more stupid than using WEP or WPA, both easily crackable.


 Post subject:
PostPosted: Tue Dec 12, 2006 10:25 am 
Genesi

Joined: Mon Jan 30, 2006 2:28 am
Posts: 409
Location: Finland
Hi.

WEP, WPA and MAC address filtering make it a little more difficult.
After that, just tunnel all your data through ssh for good security, especially banking etc.


Best regards,
Johan

_________________
Johan Dams, Genesi USA Inc.
Director, Software Engineering

Yep, I have a blog... PurpleAlienPlanet


 Post subject:
PostPosted: Tue Dec 12, 2006 10:51 am 

Joined: Mon Feb 27, 2006 4:51 pm
Posts: 11
WEP is hacked/cracked/broken. Don't use it anymore!

WPA is still considered very secure and no successful attacks are known to my knowledge. This is only true if you use a strong password of course.

WPA2 is even more secure than WPA thanks to a complete implementation of IEEE 802.11i (see Wikipedia for details).
Use AES rather than TKIP as encryption algorithm when you have the choice. It's faster and more secure than TKIP afaik.

MAC address filters are security through obscurity. It's very easy to actually spoof a MAC address.

Personally I think the most secure way would be WPA2 encrypted WLAN with 802.1x/RADIUS based authentication.


 Post subject:
PostPosted: Tue Dec 12, 2006 11:07 am 
Genesi

Joined: Mon Jan 30, 2006 2:28 am
Posts: 409
Location: Finland
Quote:
WEP is hacked/cracked/broken. Don't use it anymore!

WPA is still considered very secure and no successful attacks are known to my knowledge. This is only true if you use a strong password of course.

WPA2 is even more secure than WPA thanks to a complete implementation of IEEE 802.11i (see Wikipedia for details).
Use AES rather than TKIP as encryption algorithm when you have the choice. It's faster and more secure than TKIP afaik.

MAC address filters are security through obscurity. It's very easy to actually spoof a MAC address.

Personally I think the most secure way would be WPA2 encrypted WLAN with 802.1x/RADIUS based authentication.

Of course, that's what one would do. However, that might not be an option for home users...


Best regards,
Johan

_________________
Johan Dams, Genesi USA Inc.
Director, Software Engineering

Yep, I have a blog... PurpleAlienPlanet


 Post subject:
PostPosted: Tue Dec 12, 2006 2:20 pm 

Joined: Mon Jan 30, 2006 1:30 am
Posts: 43
Quote:
Quote:
[...]
Personally I think the most secure way would be WPA2 encrypted WLAN with 802.1x/RADIUS based authentication.
Of course, that's what one would do. However, that might not be an option for home users...


Best regards,
Johan

Why not use IPsec between WiFi enabled nodes then? Any problem with IPsec security?

Karel


 Post subject:
PostPosted: Tue Dec 12, 2006 3:18 pm 

Joined: Mon Feb 27, 2006 4:51 pm
Posts: 11
Better use something like OpenVPN. Much easier to set up than IPsec stuff.

It's still my opinion that there's no need to add another layer if WPA is used in a WLAN.


PowerDeveloper.org: Copyright © 2004-2012, Genesi USA, Inc. The Power Architecture and Power.org wordmarks and the Power and Power.org logos and related marks are trademarks and service marks licensed by Power.org.