00:50:50 (BingoBoingo> ;;later tell asciilifeform The Cardano is going to be soundproof, right? http://it.slashdot.org/story/13/12/18/2122226/scientists-extract-rsa-key-from-gnupg-using-sound-of-cpu
00:50:51 (gribble> The operation succeeded.
00:50:51 (mikaeldice> A tiny bounty, but no entry fees. I don't want to take people's money, even if it'd make the challenge more interesting. At the same time, with little to gain, I would make the bounty much smaller
00:52:03 (mike_c> the gain is proof of your system, right? unless you are expecting to get hacked and the gain is for you to learn about holes.
00:53:03 (asciilifeform> BingoBoingo: this attack is simply a variant of the traditional 'Differential Power Analysis'
00:53:15 (mikaeldice> Dual purpose: If nobody hacks it, this adds evidence of 'sufficiency' with the security, and if someone does hack it then I can patch the holes and reinit the prize until no more holes are found
00:53:17 (BingoBoingo> Ah
00:53:20 (asciilifeform> the sound is coming from the power supply inductor
00:53:49 (asciilifeform> this is really from the fact that a pc cpu is a monster hog
00:54:23 * lewicki (~lewicki@unaffiliated/lewicki) has joined #bitcoin-assets
00:54:26 (asciilifeform> and typically exists in one of two states - 'halt', with reduced power draw, and 'run' (interrupt throws cpu out of halt state.)
00:54:42 (asciilifeform> idle loop in modern os scheduler sits the cpu in 'halt'
00:56:08 (asciilifeform> virtually any device containing a switched power supply 'hisses' this way
00:56:55 (asciilifeform> there are no inductors (switching power supply or otherwise) in cardano...
00:57:41 (asciilifeform> nor is the 'low power state' feature of the microcontroller made use of; nor is there an operating system, in the usual sense, or a scheduler...
00:58:10 * Duffer1 (~chatzilla@c-98-232-231-188.hsd1.or.comcast.net) has joined #bitcoin-assets
00:58:10 (the20year2> mikaeldice: for us it was just a way to crowdsource funding on something that traditional investors wouldn't bite into
00:59:29 (the20year2> The hope/assumption in the beginning was that we would be able to outpace the appreciation of bitcoin through the way we are handling real estate. Growth has been fantastic, but it hasn't outpaced bitcoin like we'd hoped. So, then the hope later on, and it hasn't come to fruitition was a reverse hedge against BTC.USD drops like what we've been seeing. I tried to get investments again when BTC hit $1200 and few I talked
00:59:57 (assbot> [MPEX] [S.MPOE] 10724 @ 0.00090502 = 9.7054 BTC [-]
01:00:58 (assbot> [HAVELOCK] [AM1] 1 @ 0.27 BTC [+]
01:03:00 (assbot> [MPEX] [S.MPOE] 45400 @ 0.0009093 = 41.2822 BTC [+] {5}
01:04:02 (zz_> asiclifeform: isn't the CPU running at a few Ghz, while sound (20Khz? What exactly would the cellphone pick up?
01:05:33 (mike_c> that is actually the crux of the paper.
01:05:43 (asciilifeform> zz_: it's picking up 'idle' vs 'halted'
01:05:51 (asciilifeform> from which one can deduce execution path.
01:05:59 (asciilifeform> this is a variation on the old theme of cache probe attack
01:06:07 (assbot> [MPEX] [S.MPOE] 8950 @ 0.00090502 = 8.0999 BTC [-]
01:06:07 (asciilifeform> (as noted in the paper)
01:06:59 * nubbins` (~nubbins`@stjhnf0148w-142134201245.dhcp-dynamic.FibreOp.nl.bellaliant.net) has joined #bitcoin-assets
01:07:00 (zz_> didn't read the PDF. Guess that would help.
01:07:27 (mike_c> tldr: "In a nutshell, the key extraction attack relies on crafting chosen ciphertexts that cause numerical
01:07:27 (mike_c> cancellations deep inside GnuPG’s modular exponentiation algorithm. This causes the special value
01:07:27 (mike_c> zero to appear frequently in the innermost loop of the algorithm, where it afects control fow. A single
01:07:28 (mike_c> iteration of that loop is much too fast for direct acoustic observation, but the efect is repeated and
01:07:28 (mike_c> amplifed over many thousands of iterations, resulting in a gross leakage effect that is discernible in the
01:07:28 (mike_c> acoustic spectrum over hundreds of milliseconds"
01:07:49 (mike_c> that pasted poorly
01:08:22 (asciilifeform> the bit about leaking electrolytic caps 'buzzing' is unsurprising.
01:09:04 (mike_c> so the good news, as far as i can tell, is that you have to be decrypting a known, specially crafted message.
01:09:43 (asciilifeform> 'More generally, we observed strong positive correlation between machine
01:09:43 (asciilifeform> age, in terms of calendar time and usage, and the cryptanalytic usefulness of their acoustic emanations.'
01:10:15 (asciilifeform> that statement, even if true - i can almost see the censor's red ink slipping that in.

http://www.cs.tau.ac.il/~tromer/acoustic/

Said problem has been promptly fixed in the GnuPG package

http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html

Wondering if your product needs to consider the implications of the said paper.