The ingenuity of cryptanalysts

Created by Stuart Yeates (University of Oxford) on November 27, 2006

I've been a long-time critic of Digital Rights Management (DRM), not so much on philosophical grounds but on practical grounds—I just don't see how it can be made robust enough and secure enough. Those cunning cryptanalysts have come up with a theoretical timing attack against DRM which just completely undermines the concept of DRM on multi-tasking general-purpose CPUs, including all desktop computers.

Cryptanalysts have long known that the time taken to perform different calculations with the same encryption key might, in theory at least, give attackers code-breaking clues, in much the same way that electromagnetic leakage or power fluctuations are used in so-called "side-channel" attacks on secure systems. The new Branch Prediction Analysis (BPA) attack is a refinement of this approach that makes it practical on commodity PCs instead of expensive high-performance kit: on a CPU where two threads share a core, and so share its branch predictor, a spy process can tell from its own branch timings which way the victim's branches went.

A carefully written spy process, running alongside the RSA process on the same core, can collect almost all of the secret key bits used in a single RSA signing operation by monitoring the state of the CPU's branch predictor. The leak comes from implementations that use a square-and-multiply loop and branch on each bit of the private exponent: whether the "multiply" branch was taken is the bit. Because the bits are read off one execution, the approach is far quicker than the statistical analysis over many timings that earlier timing attacks needed, the researchers say.
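To make the leak concrete, here is an added illustration (my own code, not from the post or from the BPA paper): a toy square-and-multiply exponentiation that records, per step, which operations it ran, which is exactly the information a spy sharing the branch predictor infers from the victim's taken/not-taken "multiply" branch. A `recover_exponent` helper turns that trace back into the private exponent, and a Montgomery-ladder variant shows the standard fix: do the same work on every bit so the branch pattern carries nothing. The function names and the small numbers (`0xFFF1`, `0b1011001`) are constructed for the example, not a real RSA key.

```python
"""Why a branch-prediction side channel hands over an RSA exponent.

Added illustration, not code from the blog post or from the BPA paper.
The CPU and the spy process are not modelled; instead each exponentiation
appends to `trace` the operation it performed at every step, which is the
information a spy sharing the branch predictor learns from the victim's
secret-dependent branch. All numbers are small constructed values.
"""


def square_and_multiply(base, exp, mod, trace):
    """Textbook left-to-right square-and-multiply.

    One square every step; a multiply only when the exponent bit is 1.
    That 'if' is a secret-dependent branch, and its outcome sequence is
    appended to `trace` just as a branch-predictor spy would observe it.
    """
    result = 1
    for bit in bin(exp)[2:]:            # MSB first
        result = result * result % mod
        trace.append("S")
        if bit == "1":                  # branch taken only for 1 bits
            result = result * base % mod
            trace.append("M")
    return result


def recover_exponent(trace):
    """Turn a square-and-multiply trace back into the exponent.

    Every 'S' starts a new bit (0 by default); an 'M' following it means
    the multiply branch was taken, so that bit was 1.
    """
    bits = []
    for op in trace:
        if op == "S":
            bits.append(0)
        elif op == "M":
            bits[-1] = 1
        else:
            raise ValueError("unknown op %r" % op)
    return int("".join(map(str, bits)), 2)


def montgomery_ladder(base, exp, mod, trace):
    """Same result, but every step does one multiply and one square.

    The exponent bit only chooses which register plays which role, done
    here with an arithmetic select rather than an 'if', so the branch
    pattern (and hence the trace) is identical for every exponent of a
    given length. Python big-int arithmetic is not itself constant-time;
    this shows the control-flow point only.
    """
    r0, r1 = 1, base % mod
    for bit in bin(exp)[2:]:
        b = int(bit)
        # Branch-free conditional swap: (t0, t1) = (r1, r0) if b else (r0, r1)
        t0 = r0 * (1 - b) + r1 * b
        t1 = r1 * (1 - b) + r0 * b
        t1 = t0 * t1 % mod              # always a multiply ...
        trace.append("M")
        t0 = t0 * t0 % mod              # ... always followed by a square
        trace.append("S")
        r0 = t0 * (1 - b) + t1 * b      # swap back, again without a branch
        r1 = t1 * (1 - b) + t0 * b
    return r0


def compare(exp, mod=0xFFF1, base=3):
    """Run both exponentiations on the same secret; return (leaky, quiet) traces."""
    leaky, quiet = [], []
    assert square_and_multiply(base, exp, mod, leaky) == pow(base, exp, mod)
    assert montgomery_ladder(base, exp, mod, quiet) == pow(base, exp, mod)
    return leaky, quiet


if __name__ == "__main__":
    secret = 0b1011001              # constructed 7-bit "private exponent"
    leaky, quiet = compare(secret)
    print("square-and-multiply trace:", "".join(leaky))
    print("recovered exponent:       ", bin(recover_exponent(leaky)))
    print("Montgomery ladder trace:  ", "".join(quiet))
```

Running it prints a trace like `SMSSMMSSSM...` for the leaky loop, from which `recover_exponent` reads the secret straight back, while the ladder's trace is `MSMSMS...` for any seven-bit exponent. The ladder removes the key-dependent branch, which is what BPA exploits; a real constant-time implementation also has to avoid key-dependent memory accesses and variable-time arithmetic, which this toy does not attempt.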

I don't understand all the maths entirely, but Bruce Schneier, who has rather a good reputation in this area, thinks it's good.

Cory Doctorow of eff.org has an excellent presentation on why DRM won't work.

cheers, stuart