I’m amazed at the lengths that cryptography experts will go to in order to uncover weaknesses in a particular encryption scheme. (Chad’s News readers may recall this post where the hacker used acid and an electron microscope to reveal the circuitry of an encrypted microchip.) This time a vulnerability was found in OpenSSL, which is used by just about everyone. The researchers modified the power supply so that it caused a one-bit error, and from that error they were able to obtain four bits of the 1024-bit secret key. They continued to produce the errors until they had enough data to piece together the entire key.
Taking note of the date of the linked article (March 2010), I’m guessing they’ve fixed this problem in OpenSSL. And while the method might work on other implementations, as well as on older hardware that still uses an unpatched version of OpenSSL, I don’t really see this as being an issue for the normal Chad’s News reader.
Thanks to Josh for this topic.