I'll add that it is obvious when certain types of calculation start, too. It's neat to be able to point to this and say I wasn't crazy to a few friends who didn't believe me.

On an older computer an animated gif on a web page caused my speakers to feedback differently than playing video (and this worked even when the sound card was muted). And the signals never fully masked each other. I always suspected it was a grounding fault, but it was subtle and generally unobtrusive so I never tried to fix it (it's almost a feature, like a blinking hard drive light).

Notably it is far easier to hear through the amplifier that is the sound card, but even with no speakers, a quiet room will still show the same. As others noted above, CRT monitors are notoriously loud, and you can definitely hear different image patterns.

I can also get a good idea whether the CPU is idle or doing some particular task just by listening to the motherboard. This isn't any sort of paranormal effect, it's quite audible. I suspect most of it comes from the inductors on the CPU vcore DC-DC converter.

For me, the sounds I hear are somewhat like this: Animated GIF = chuff-chuff-chuff, one chuff per frame transition Scrolling terminal window = low hissing, like someone slowly breathing out Dragging window around the screen = high-pitched whine CPU stress test = very high-pitched whistling Loading a big app = a more noisy hiss than scrolling the terminal window, interspersed with HDD sounds

I was tested at a young age to have above-average hearing range, so maybe that also has a factor in how well you can hear these things; I don't listen to loud music or subject myself to loud noises either.

And again, if you your only doing one thing at a time that might work. But if you are doing multiple things you aren't going to extract that.

If you had an old 286 you might be able to hear peizo's but your laptop doesn't have many of the old style caps that hum with any appreciable noise. Your power isn't clean enough that you can separated the other noises, and with Wifi enabled you have all sort of other noises.

What is described here isn't possible with acoustics. Anyone with even a rudimentary understanding of Audio can see that.

Brandon Wirtz SMPTE Committee Member for the H.264 and VC1 audio and video standards (someone with rudimentary understanding of audio)

Have you read the paper yet? You might be interested in figures 7-9, which show spectrographic measurements of exactly what you're claiming is impossible. Sections 4 and 5 go on to describe how you can use these measurements to get fairly accurate timing information about individual RSA key operations. What you seem to be missing is that, even though the audio bandwidth isn't nearly high enough to resolve individual CPU instructions, aggregated timing measurements can still leak a substantial amount of information. This is well-established in the crypto literature, and it's now standard practice to write code robustly to this sort of attack by making the timing data-independent.

As a side note: it's not clear to me what being an "SMPTE committee member" entails, or why it confers any special expertise about cryptographic side-channel attacks. I only point that out because you've mentioned it in two separate comments now, and I don't see why it's relevant.

If you can name a single specific claim that you don't think is defensible, I might be inclined to take your argument more seriously. But so far, everything you've said is a vague generality that continues to support my theory that you haven't read the paper and don't understand the method being described.

The claim that there is a significant difference in the emitted sound from a capacitor based on the value of an RSA Key. May or may not be true.

That that sound is significant enough that you can use a microphone, to pick it up from a distance greater than a fraction of an inch is implausible.

That the sound difference is such that it can be captured with any of the setups pictured in the paper is impossible. There are systems designed for frequency isolation that do megahertz sampling rates which you could convince me are capable of reading the 1's and 0's out of a 286. The frequencies of modern electronics that is simply not possible.

>That the sound difference is such that it can be captured with any of the setups pictured in the paper is impossible. There are systems designed for frequency isolation that do megahertz sampling rates which you could convince me are capable of reading the 1's and 0's out of a 286. The frequencies of modern electronics that is simply not possible.

They are claiming to pick up a rather large algorithm change in code that runs for dozens of milliseconds to extract a single bit. A loop taking a bit over 26 vs. a bit over 28 microseconds in the example (or something reasonably close to that description). Why would this need such high-end equipment to pick up?

That's a claim that the authors aren't making. As has been repeatedly pointed out, the attack depends on timing the execution of blocks of code which take much longer than a single instruction, so the 44.1kHz sampling rate described in the paper is sufficient.