1024-bit RSA Encryption in GnuPG Crypto Library Cracked-Patch Available
Security researchers have found a critical vulnerability, tracked as CVE-2017-7526, in a Gnu Privacy Guard (aka (GnuPG or GPG) cryptographic library that allowed them cracking RSA-1024 and extract the RSA key to decrypt data.
Linux users need to check out their distributions to see if a nasty bug in libgcrypt20 has been patched. The patch, which has landed in Debian and Ubuntu, is to address a side-channel attack published last week.
The researchers published their work at the International Association for Cryptologic Research’s e-print archive last week. The paper was authored by David Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom (who hail variously from the Technical University of Eindhoven, the University of Illinois, the University of Pennsylvania, the University of Maryland, and the University of Adelaide). What they found is that the libgcrypt library used what’s called “sliding windows”, a method for carrying out the mathematics of cryptography – but one that’s known to leak data.
The researchers looked at the left-to-right sliding window calculation in libgcrypt, in which the sliding window data leak was tolerated because it was believed only part of a key was recoverable (40 percent of bits in a four-bit sliding window; 33 percent in a five-bit sliding window).
“We show for the first time that the direction of the encoding matters: the pattern of squarings and multiplications in left-to-right sliding windows leaks significantly more information about the exponent than right-to-left”.
To get at the processing, the researchers also needed to carry out a side-channel attack, specifically a flush+reload cache-timing attack “that monitors the target’s cache access patterns”.
Source | The Register