Interesting approach - thing is: how long did it take to calculate the key...
I'm not an expert in crypto, but if this actually works (in a decent time), it could lead to big fallout.
But they are saying the fault is in OpenSSL and not in generating the ECDSA, so for grabbing the ps3 keys it is not relevant?!
As I understood, OpenSSL was the subject for research but the core problem is much more general. I don't think all the other ECDSA implementations are paying attention to constant-time execution.
...and if they managed to get the priv key of a TLS server, it worked (in a decent time)
But they're saying OpenSSL is faulty not ECDSA itself...
Where is math, when you need a crypto expert?
This is an openssl implementation weakness allowing for a timing attack, it's not an ECC weakness on its own and thus unless the way the ECDSA check is implemented on the ps3 allows for timing attacks this won't work.
Which means it has to be investigated but don't get your hopes up.
Given that the crypto library on the PS3 is RSA's version of libcrypto (Eric Young went to work for them), it's a real possibility that it could suffer from some of the same weaknesses as OpenSSL.
But only a possibility.
--EDIT--
Of course for all I know that's only used for SSL/TLS comms and is nothing to do with the various loaders and their checks, so I may well be talking out of my arse.
Last edited by RatAndDragon; 05-25-2011 at 01:11 AM.
Try it - if it really works, I'm sure scientific magazines would publish a paper about it.
I was thinking the same thing in relation to this;
Whitepixel v2: configurable charset, higher performance (33.1 billion password/sec!) - Zorinaq
The easiest solution is obviously to break into Sony's offices and steal the encryption keys
Or blackmail an employee to do so.