Re: Secure passwords?

"nemo_outis" <abc@xxxxxxx> wrote in message
news:Xns9721C1F394A42abcxyzcom@xxxxxxxxxxxxxxxxxx
> "lyalc" <lyalc@xxxxxxxxxxxxxx> wrote in
> news:dmtetn$n3g$1@xxxxxxxxxxxxxxxx:
>
> > Actually, if you think about it, low speed systems are much, much
> > easier to detect/compromise, in a tempest sense.
> >
> > Signal emissions are usually the first 5-20 harmonics of the clock
> > speed. A clock of 100 Mhz probably needs a receiving AND PROCESSING
> > bandwidth of 500-1000 Mhz.
> >
> > A clock speed of 3 Ghz can mean a processing bandwidth (analog or
> > digital ) exceeding 10 Ghz.
> > That's a fairly expensive set of kit, super-computing scale, not
> > suitcase sized, portable gear, especially if you are looking for
> > near-real-time recovery, not SETI-style post analysis.
> > Often, these higher frequencies have much less energy/radiated power
> > than lower speed clocks, for a variety of technical reasons.
> > So the detection range (signal over noise) is probably much less,
> > potentially minimising the 'volume' of risk.

<snip>

The real reason is even more simple - faster boxes tend to radiate more and,
since most of that is the computer equivilent of "tum-te-tum, hurry up and
type something", the interferance will help to conceal unshielded keyboard
and screen signals (which is all one is interested in).

> Some interesting speculations (and with Tempest we are all speculating to
> some degree).

Not necessarily (although I certainly don't claim to be an expert!). Even
the most unobservant person will be able to compare and contrast a bit of
Tempested kit that they are using day-in, day-out with the equivilent
standard kit. Last I looked, the UK classification for Tempest was the same
level as the canteen menu at the local Job Centre.

<snip>

> However, much of this is beside the point. While Tempest (emsec)
> interceptions could concentrate on CPU processor (and related)
> frequencies, most descriptions so far (including the original van Eck
> paper) concentrate on peripherals, such as the CRT display. Frequences
> here are standardized and independent of the CPU-related frequencies.
> And we know that CRT emmissions are strong, strong enough to have caused
> efforts (TUV, etc.) to reduce emissions for health, rather than emsec
> reasons.

CRT and keyboard both - the whole point is that you're trying to sniff data
traffic, and any network information is going to be via fibre, which is
itself protected to a greater or lesser degree.

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!


.

Relevant Pages

  • RE: [Full-disclosure] Tempest today
    ... TEMPEST is old stuff. ... It's simply the ability to block any and all unintentional signals ... passive electronic components (things like resistors and real bugs). ... I've seen some fuss about the technique called "tempest" lately. ...
    (Full-Disclosure)
  • Re: Secure passwords?
    ... > The real reason is even more simple - faster boxes tend to radiate ... > Tempest was the same level as the canteen menu at the local Job ... >> frequencies, most descriptions so far (including the original van ...
    (alt.computer.security)