Real-world Web servers—even overheated or overclocked ones—are not going to reliably kick out the calculation errors by the thousands required for an attack.
An attacker would effectively need to have physical access to a system to make this attack work, Kocher says. ”For a Web server, you don’t let in any bad guy who wants to come in and play with the power supply,” he says. ”You keep it behind locked doors for reasons that go far beyond just this kind of attack. Practical consequences for Web servers I would say are pretty slim.”
University of Massachusetts professor of computer science Kevin Fu says he doubts that the attack, which was staged in a lab with an easily manipulated crypto chip, could easily be executed by real-world hackers.
”In order for this attack to work in practice, the adversary needs to have access to...the electricity to a specific pin on a chip,” Fu says. ”There’s a big difference between a power outage of a building and controlling precise micropower fluctuations.”
Bookmarks