1024-bit RSA encryption crackable
March 14th, 2010

1024-bit RSA encryption is used around the world to protect web servers and other devices that run OpenSSL. Until now only 768-bit RSA had been cracked, using brute-force methods that required about 1,500 years of processing time. Recently, computer scientists from the University of Michigan claimed they were able to crack OpenSSL's full 1024-bit RSA encryption by fluctuating the voltage on the server's power supply. Although the scientists say this type of attack can be easily prevented by changing the error-checking algorithm, they claim the attack is repeatable and consistent and can be carried out in just over 100 hours, exponentially quicker than previous successful attacks on weaker key lengths.
Because direct access to the server's power supply is required to perform this attack, it is unlikely this vulnerability will be exploited in the wild against most servers. Many consumer devices such as MP3 players, Blu-ray players, and mobile phones, however, use RSA encryption to protect intellectual property, and these devices are easy to gain physical access to and manipulate in order to reach that intellectual property or private data.
More information can be found in their white paper (PDF), which will be presented next week in Dresden at the Design Automation and Test in Europe conference.
OpenSSL has acknowledged this vulnerability and is currently working on a patch.
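The post says the attack is easily prevented by "changing the error-checking algorithm" but does not spell out what that check is. The example below is added here and is not code from the post, the paper, or OpenSSL: it shows the standard countermeasure against fault attacks on RSA signing, which is to verify every freshly computed signature with the public key before releasing it, so that a signature corrupted by a glitch (such as a power-supply voltage drop) is never handed out. Faulty signatures are dangerous because an attacker who obtains them can work back toward the private key; a signer that withholds them removes that leak. The key sizes, the `fault_mask` parameter that stands in for a hardware glitch, and all function names are constructed for the example; real code signs a padded hash, not a raw integer, and uses 1024-bit or larger keys, but the guard is the same at any size.

```python
"""Verify-before-release guard for RSA signatures (toy textbook RSA).

Added example: demonstrates the self-check countermeasure against
fault-induced signature corruption. Not OpenSSL's code.
"""


class FaultDetected(Exception):
    """Raised when a computed signature fails public-key verification."""


# Constructed toy key. Small primes are used so the example runs instantly;
# the guard logic does not depend on key size.
P = 1_000_003
Q = 1_000_033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)  # private exponent (modular inverse, Python 3.8+)


def textbook_sign(m: int, d: int, n: int, fault_mask: int = 0) -> int:
    """Raw signature m^d mod n.

    `fault_mask` is a hypothetical knob for this example only: XOR-ing it
    into the result simulates a glitch that flips bits during the private-key
    operation, standing in for a voltage-induced arithmetic error.
    """
    return pow(m, d, n) ^ fault_mask


def sign_checked(m: int, d: int, e: int, n: int, fault_mask: int = 0) -> int:
    """Sign, then verify with the public exponent before releasing.

    A correct signature satisfies s^e mod n == m. Any corruption of s makes
    this check fail (with overwhelming probability), so the faulty value is
    withheld instead of being sent to the caller.
    """
    s = textbook_sign(m, d, n, fault_mask)
    if pow(s, e, n) != m:
        raise FaultDetected("signature failed self-verification; output withheld")
    return s


def unchecked_leaks_faulty_signature(m: int, fault_mask: int) -> bool:
    """True if the unguarded signer would emit a wrong signature for `m`."""
    faulty = textbook_sign(m, D, N, fault_mask)
    return pow(faulty, E, N) != m


def guard_blocks_faulty_signature(m: int, fault_mask: int) -> bool:
    """True if the guarded signer refuses to release the corrupted signature."""
    try:
        sign_checked(m, D, E, N, fault_mask)
    except FaultDetected:
        return True
    return False


if __name__ == "__main__":
    message = 123_456_789  # constructed sample "hash" value, must be < N
    good = sign_checked(message, D, E, N)
    print("valid signature released:", pow(good, E, N) == message)
    glitch = 1 << 7  # simulated single-bit fault in the result
    print("unchecked signer leaks faulty signature:",
          unchecked_leaks_faulty_signature(message, glitch))
    print("checked signer withholds faulty signature:",
          guard_blocks_faulty_signature(message, glitch))
```

The check costs one public-key exponentiation per signature, which is cheap next to the private-key operation because `e` is small; in exchange the signer never emits a value that an attacker could use against the key.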
Tags: Exploit, ssl, Vulnerability
Author: Christopher

