Possible Ways to Crack the Bootloader

That was discussed in another thread in the PBF section. Unfortunately it's pretty much all theory, no record of anyone actually succeeding in using it outside of a test environment. However I have the equipment to replicate the hardware aspect of it.

Sent from my DROIDX using DroidForums
 
What about this? Different way. Kinda cool but different level of encryption. 1024-bit RSA encryption cracked by carefully starving CPU of electricity -- Engadget

Sent from my DROID2 using DroidForums

This is not something that has any practical purpose...it's actually similar to the hash collision argument from earlier in the thread. Sure, in theory, this can be done but it's not as easy as just taking your device and messing with the voltage. they had a very rigid test situation/environment that's hard to duplicate

for one, you have to have access to the machine that's encrypting. not the client. so you can't just take your phone and start doing this. that's not what they're saying they did. from their paper:

"Our fault-based attack can extract a server’s private key by injecting faults in the server’s hardware, which produces intermittent computational errors during the authentication of a message. We then use our extraction algorithm to compute the private key d from several unique messages m and their corresponding erroneous signatures s."

in other words, you need the server not the client. in other words, it's not gonna work, and in even more other words it's not anything that means RSA encryption is in trouble and people should stop online banking, shopping or doing anything else that deals with 1024 encryption. it's quite safe.
 
They were demonstrating it for cracking a server, where you would have physical access to the server. Not practical, but in the research paper it does say it could only be used on consumer electronics where you have physical access. Lowering the voltage would actually be very easy. The idea is sound in theory just not easy in any way in practice. Don't forget they had an 81 machine dedicated cluster too.

Sent from my DROIDX using DroidForums
 
exactly. it's a theory, but an extremely impractical one to the point of uselessness. you need access to the machine that's doing the encrypting. if you have access to it then yes, lowering the voltage is a piece of cake.

but there's an easy way for motorola to prevent something like this from ever happening. know what it is? pay a security guard $14/hr to stand in front of the building where the server is kept, and lock the server door and implement a security system. this would probably make it harder than brute forcing the damn thing lol...

this "crack" is impractical, because why would anyone allow you to see the hardware that encrypts if their goal is to encrypt something? that's like me saying, "my house is locked and you'll never get in!!" and then handing you the keys...
 
Luckily I happen to have 81 pentium 4 chips lying around. I'll get crackin!

Sent from my Droid using DroidForums

lol yeah, i mean all you need is 81 P4s, 104 hours and access to the server. This is a highly viable solution! LOL
 
Well we wouldn't have to have access to Moto's servers, aren't the private keys in the rom of the OMAP?

Sent from my DROIDX using DroidForums
 
No, you need the machine that's doing the encrypting, because the faults are injected during the authentication of the message. you can't just lower voltage on your phone and be done with it. if that was the case, every company in the world would be scrambling to protect their client data and this would have received far more attention than it has...

remember it's something like 95% (don't quote me) of companies on the web that use 1024bit SSL. this would have been a national disaster if it was so "easy" to do.

you need access to motorola's server, not anything on your phone. and like i said, a lock, a security guard and an alarm system would effectively make this a useless "crack".
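Added illustration, not part of the thread and not code from the paper: a toy textbook-RSA signer showing what an "erroneous signature" from the quoted passage is, and the sign-then-verify self-check that keeps one from ever leaving the signing machine. The key, the fault position and all function names are constructed for this example; the bit flip stands in for a hardware glitch.

```python
# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent d


def modexp(base, exp, mod, fault_step=None, fault_bit=0):
    """Left-to-right square-and-multiply.

    If fault_step is given, one bit of the accumulator is flipped after
    that loop iteration, simulating a computation error while signing.
    """
    acc = 1
    for step, bit in enumerate(bin(exp)[2:]):
        acc = (acc * acc) % mod
        if bit == "1":
            acc = (acc * base) % mod
        if step == fault_step:
            acc ^= 1 << fault_bit
    return acc


def verify(m, s):
    """Public-key check: s^e mod n must give back the message."""
    return pow(s, E, N) == m % N


def sign_unchecked(m, **fault):
    """Signer that releases whatever the hardware computed."""
    return modexp(m, D, N, **fault)


class FaultDetected(Exception):
    pass


def sign_checked(m, **fault):
    """Signer that verifies its own output before releasing it."""
    s = modexp(m, D, N, **fault)
    if not verify(m, s):
        raise FaultDetected("signature failed self-check; not released")
    return s
```

The self-check costs one public-key operation per signature, which is cheap with a small public exponent such as 65537.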
 
So, if someone were able to have access to the machine (I know it's not going to happen, but just so I can understand things clearly...), then this process could be done in a reasonable amount of time (meaning not universe's age^83384), so long as someone had a cluster of computers to do the rest of the work?

Sent from my DROID2 using DroidForums
 
yes, according to what they published yes.
 
Oh I was under the impression that it was used to spit out keys from something that required keys for access.

Sent from my DROIDX using DroidForums
 
Nah, then every hacker who has some money and the resources could just sit at home and get private keys at will for all encrypted devices, certificates etc. it would have been done already a long time ago if this was the case...

the machine that does the encrypting is the one that's vulnerable to this "crack", but any machine that matters is of course not going to be in a vulnerable, nonsecure location...
 
Hmmm, maybe I need to re-read it. Then WTF was with all the media coverage when this came out?

Sent from my DROIDX using DroidForums
 