ivancho | 2 years ago

You can't simultaneously have that key strength is maintained as long as they don't know how many bits are flipped, or where in memory the key was, but also that leaking any number of bits is catastrophic. If your memory dump creates a different distribution on the space of possible keys, it has already compromised the cryptographic security of the key, it's just a question of how much, and the answer here is a lot - even if we had GBs of garbage data, that is still tiny compared to the whole space and can be sifted extremely quickly.

matheusmoreira|2 years ago

> If your memory dump creates a different distribution on the space of possible keys

Is it possible to determine that this has happened though? If you're trying to recover an image and a bunch of bits are flipped, the result might be somewhat corrupted but a coherent image will still be visible. You know that the data was corrupted and where the damage is. Ciphers have avalanche effects, a single bit flip produces completely unusable output which by design reveals no information.

ivancho|2 years ago

There is extensive research on key finding attacks. Often they only need 30% of the bits. Things can be sped up by exploiting entropy - keys are really random, unlike most of the rest of your memory, so that filters things down, and as you said, an incorrect key produces total garbage on decrypt, which is easy to detect, so you can automate testing and discarding key candidates. Lastly, if you have knowledge of the applications or algorithms involved, you often get some extra data structure around the keys, which makes searching the memory dump trivial.

All that is to say, yes, this is a viable attack vector, even if some or many of the bits are flipped.
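The entropy filter mentioned in the comment above, as an added example that is not part of the thread: it measures how few windows of a dump look random enough to hold a key, which is the check a defender runs to see whether key material survives in process memory, with or without flipped bits. The 32-byte key size, the 4.5 bits/byte threshold, the helper names and the dump contents are all assumptions constructed for this example.

```python
import math
from collections import Counter

KEY_LEN = 32      # assumed key size (256-bit)
THRESHOLD = 4.5   # assumed cut-off in bits per byte; a 32-byte window tops out at 5.0

def shannon_entropy(window: bytes) -> float:
    """Shannon entropy of the window's byte histogram, in bits per byte."""
    n = len(window)
    return -sum(c / n * math.log2(c / n) for c in Counter(window).values())

def flip_bits(data: bytes, positions) -> bytes:
    """Model memory decay: flip the bit at each (byte_index, bit_index)."""
    out = bytearray(data)
    for byte_i, bit_i in positions:
        out[byte_i] ^= 1 << bit_i
    return bytes(out)

def high_entropy_offsets(dump: bytes, size=KEY_LEN, threshold=THRESHOLD):
    """Offsets whose window is random-looking enough to need a closer look."""
    return [off for off in range(len(dump) - size + 1)
            if shannon_entropy(dump[off:off + size]) >= threshold]

def build_dump(key: bytes):
    """Constructed stand-in for a dump: low-entropy filler around one key."""
    before = b"\x00" * 4096 + b"user=alice;role=reader;" * 100
    after = b"\x00\x10\x00\x00\x00\x7f\x00\x00" * 256 + b"\x00" * 2048
    return before + key + after, len(before)

# Constructed key: 32 distinct byte values (167 is odd, so no repeats mod 256).
KEY = bytes((i * 167 + 13) % 256 for i in range(KEY_LEN))
DAMAGED = flip_bits(KEY, [(3, 0), (17, 5)])  # same key with two bits flipped

if __name__ == "__main__":
    for label, key in (("intact", KEY), ("2 bits flipped", DAMAGED)):
        dump, key_off = build_dump(key)
        hits = high_entropy_offsets(dump)
        total = len(dump) - KEY_LEN + 1
        print(f"{label}: {len(hits)} of {total} windows kept, "
              f"key offset {key_off} kept: {key_off in hits}")
```

Every surviving offset overlaps the key, so on this constructed dump the filter alone narrows about ten thousand windows to a few dozen, and the two flipped bits do not move the key below the threshold.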