![]() The sound used to decode the encryption keys is produced not by the processor itself, but by the processor’s power supply, mainly the capacitors and coils. The group first described this attack vector at Eurocrypt 2004. It may sound a bit like magic, but this is a real attack – although it’s practicality may be questionable. , students researchers at Tel Aviv University and the Weizmann Institute of Science have successfully extracted 4096-bit RSA encryption keys using only the sound produced by the target computer. ![]() Posted in Microcontrollers, Security Hacks Tagged blue pill, GNU Privacy Guard, gpg, security token, stm32, Yubikey More evidence of what the dedicated individual can accomplish these days on a relatively limited budget. While it’s not exactly a common project, this isn’t the first time we’ve seen somebody spin up their own hardware token. While the sides are still open, the device looks robust enough to handle life in a laptop bag at least. An upper PCB, containing the status LEDs and touch pad, was then designed so it would fit over the main board as an enclosure of sorts. The original Micro USB port was also swapped for a male USB-A connector so the device could be plugged directly into a computer. To create his “TurtleAuth” dongle, started with the basic layout of the Blue Pill and added in a TTP223E touch control IC. The output of gpg -card-status showed the device was working as expected, so with the software sorted, it was time to take a closer look at the hardware. The ST-Link V2 was already a supported target, so it only took some relatively minor tweaks to get running and add support for a simple push button. The first step was to test the software out on the popular “Blue Pill” development board, which documents in the write-up should anyone want to give it a try themselves. All he had to do was build a suitable device to install it on. He found an open source project allows the STM32F103 to act as a USB cryptographic token for GNU Privacy Guard, which was a start. Feeling the cost of commercial options like the YubiKey and Nitrokey were too high, started researching DIY alternatives.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |