Playing ‘Hide and Seek’ with Stored Keys
In this paper we consider the problem of efficiently locating cryptographic keys hidden in gigabytes of data, such as the complete file system of a typical PC. We describe efficient algebraic attacks which can locate secret RSA keys in long bit strings, and more general statistical attacks which can find arbitrary cryptographic keys embedded in large programs. These techniques can be used to apply “lunchtime attacks” on signature keys used by financial institutes, or to defeat “authenticode” type mechanisms in software packages.
KeywordsFalse Alarm High Entropy Code Authentication Computation Overhead Modular Exponentiation
Unable to display preview. Download preview PDF.