Ok, Be Afraid if Someone's Got a Voltmeter Hooked to Your CPU
Mar 08, 2010, 00:02 (4 Talkback[s])
(Other stories by Bradley M. Kuhn)
"Unfortunately, these promotional parts of the paper are the
sections that focus on the negative implications for OpenSSL. In
the rest of the paper, OpenSSL is merely the software component of
the experiment equipment. They likely could have used GNU TLS or
any other implementation of RSA taken from a book on cryptography1.
But this fact is not even the primary reason that this article
isn't really that big of a deal for daily use of cryptography.
"The experiment described in the paper is very difficult to
reproduce. You have to cause very subtle faults in computation at
specific times. As I understand it, they had to assemble a
specialized hardware copy of a SPARC-based GNU/Linux environment to
accomplish the experiment."