Friday, January 05, 2018

Hax!

Everyone is talking about the newly-discovered vulnerability in the architecture of a bunch of CPUs. But the vulnerability is to "side-channel attacks" and I didn't know what that was. So I looked it up. I seems that a side-channel attack requires physical access, so maybe the security threat isn't as dire or widespread as the media is making it out to be. But on the side-channel attack page they mention rubber-hose cryptanalysis

In cryptography, rubber-hose cryptanalysis is a euphemism for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture—such as beating that person with a rubber hose, hence the name—in contrast to a mathematical or technical cryptanalytic attack.

And that's just beautiful.

No comments: