The above video goes away if you are a member and logged in, so log in now!
Post By mathieulh
a (new) approach for breaking crypto?
a (new) approach for breaking crypto? –
herp derp, good idea. But i prefer we brute force our way through everything
Originally Posted by usr4da3
Interesting approach - thing is : how long did it take to calculate the key..
I'm not an expert in crypto, but if this actually works (in a decent time), it could lead to big fallout
But they are saying the fault is in OpenSSL and not in generating the ECDSA, so for grabbing the ps3 keys
it is not relevant?!
As i understood, OpenSSL was the subject for research but the core problem is much more general. I don't think all the other ECDSA Implementations are paying attention on constant time execution.
...and if they managed to get the priv key of a TLS server, it worked (in a decent time)
But they're saying OpenSSL is faulty not ECDSA itself...
Where is math, when you need a crypto expert?
This is an openssl implementation weakness allowing for a timing attack, it's not an ECC weakness on its own and thus unless the way the ECDSA check is implemented on the ps3 allows for timing attacks this won't work.
Originally Posted by ModIT
Which means it has to be investigated but don't get your hopes up.
Given that the crypto library on the PS3 is RSA's version of libcrypto (Eric Young went to work for them), it's a real possibility that it could suffer from some of the same weaknesses as OpenSSL.
Originally Posted by mathieulh
But only a possibility.
Of course for all I know that's only used for SSL/TLS comms and is nothing to do with the various loaders and their checks, so I may well be talking out of my arse.
Last edited by RatAndDragon; 05-25-2011 at 01:11 AM.
Try it - if it really works, i'm sure scienctific magazines would publish a paper about it.
The easiest solution is obviously to break into Sony's offices and steal the encryption keys
Or blackmail an employee to do so.