Christopher Kalos

Technology, Hobbies, and New Ideas

An avid techie since childhood, I've finally decided that it's time to establish my own presence on the web, as opposed to outsourcing it to a bunch of social network pages.

Here you'll find musings, my professional history, and anything that catches my interest.

As will become obvious as this page grows, I'm an Apple user, through and through:  When I work, I use the best tools for the job.  Sometimes that's Microsoft-based, sometimes it's Apple-based, and often, it's Linux-based.  Once I'm at home, though, I find that comfort, simplicity, and ease of use trump all of the flexibility in the world.   

Cool counts for a lot.  Simplicity counts for a lot more.


Listening In On Encryption

ExtremeTech covers this in detail, and there are certainly some reasons to be concerned, but I don't see it as something to lose sleep over.

In summary, by listening to the noise generated by the voltage regulator in a modern CPU, you can make a pretty good guess as to which bits are being processed. Get it right, and you have the decryption key, and with it everything GPG was protecting with that key.

I can think of a few ways around this, some more elegant than others.

  • Generate white noise that might confuse the eavesdropper.
  • Disable the CPU scaling capabilities, thus removing much of the noise from the voltage regulator.
  • Junk math.  Run some parallel decryption-like operations on a random data source.

I'm a bigger fan of the third method:  You don't compromise overall system behavior, and you don't need to rely on speakers being active.

The real reason I'm not worried in this particular case is that the encryption that was cracked is GPG. Once someone comes up with a fix and submits a patch, it will be officially rolled into an upcoming release, and in the meantime, the patch will be out there for those who want it.

Overall, really cool stuff, and just another example of why security is a process, and not a product: it's never enough to own a lock; you also have to use it properly and maintain it over time.