August 2006 saw the disclosure of a fairly interesting attack against the RSA encryption algorithm (most famously being used in SSL – protecting online transactions). While it didn’t target the actual algorithm, which still has not been broken, it is a so-called side channel attack, targeting the peculiarities associated with implementing the algorithm on various computing hardware.
The team behind the initial disclosure have recently submitted a modified approach to the attack, resulting in almost-astronomical improvements in attack efficiency.
In basic terms, the attacks rely upon a phenomenon known as ‘Branch Prediction Analysis’, where a program / attacker is able to predict what other software is doing as it passes through the CPU of a system.
In the first iteration of the described attack, the method required snooping on what was happening with the CPU for a relatively long period (or number of cycles), and certain software that implemented SSL protection (OpenSSL) quickly introduced patches to protect against this listening attack.
While many hardware manufacturers and Operating System developers have introduced...