Low-Bandwidth Acoustic Cryptanalysis

Bug #1263189 reported by Removed by request
6
Affects Status Importance Assigned to Milestone
GnuPG
New
Undecided
Unassigned
Mozilla Firefox
New
Undecided
Unassigned
cryptsetup
New
Undecided
Unassigned
eCryptfs
New
Undecided
Unassigned
portable OpenSSH
New
Undecided
Unassigned

Bug Description

2 days ago a document was published (http://www.cs.tau.ac.il/~tromer/acoustic/) which demonstrates how to get the key of cryptographic algorithms due to acustic signals of the cpu, the electric potential and even the power consumption. Because Q10 points out that maybe other cryptographic algorithms could be affected I'm creating this report for applications that uses them like ecryptfs, dm-crypt, Firefox (master password), etc. to go sure if they are affected and need to be fixed or not. At least GnuPG 1.4.16 and 2.x are already safe against this attack.

affects: ecryptfs-utils (Ubuntu) → ecryptfs
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.