Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library

Discussion in 'Cyber' started by YarS, Jul 4, 2017.


  1. YarS

    YarS Lieutenant Colonel

    Joined:
    Oct 14, 2016
    Messages:
    1,271
    Likes Received:
    1,014
    Location:
    Russian-Federation
    Hobby:
    Wh40k, Battletech
    Security boffins have discovered a critical vulnerability in a GnuPG cryptographic library that allowed the researchers to completely break RSA-1024 and successfully extract the secret RSA key to decrypt data.

    Gnu Privacy Guard (GnuPG or GPG) is popular open source encryption software used by many operating systems from Linux and FreeBSD to Windows and macOS X.

    It's the same software used by the former NSA contractor and whistleblower Edward Snowden to keep his communication secure from law enforcement.

    The vulnerability, labeled CVE-2017-7526, resides in the Libgcrypt cryptographic library used by GnuPG, which is prone to a local FLUSH+RELOAD side-channel attack.

    A team of researchers — from Technical University of Eindhoven, the University of Illinois, the University of Pennsylvania, the University of Maryland, and the University of Adelaide — found that the "left-to-right sliding window" method used by the libgcrypt library for carrying out the mathematics of cryptography leaks significantly more information about exponent bits than the right-to-left method, allowing full RSA key recovery.

    "In this paper, we demonstrate a complete break of RSA-1024 as implemented in Libgcrypt. Our attack makes essential use of the fact that Libgcrypt uses the left-to-right method for computing the sliding-window expansion," the researchers wrote in the research paper.
    "The pattern of squarings and multiplications in left-to-right sliding windows leaks significantly more information about the exponent than right-to-left. We show how to extend the Heninger-Shacham algorithm for partial key reconstruction to make use of this information and obtain a very efficient full key recovery for RSA-1024."
    L3 Cache Side-Channel Attack requires an attacker to run arbitrary software on the hardware where the private RSA key is used.

    The attack allows an attacker to extract the secret crypto key from a system by analyzing the pattern of memory utilization or the electromagnetic outputs of the device that are emitted during the decryption process.

    "Thus in practice, there are easier ways to access the private keys than to mount this side-channel attack. However, on boxes with virtual machines, this attack may be used by one VM to steal private keys from another VM," Libgcrypt advisory reads.
    Researchers have also provided evidence that the same side channel attack also works against RSA-2048, which require moderately more computation than RSA-1024.

    The research paper titled, 'Sliding right into disaster: Left-to-right sliding windows leak,' was authored by Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Christine van Vredendaal, Tanja Lange and Yuval Yarom.

    Libgcrypt has released a fix for the issue in Libgcrypt version 1.7.8. Debian and Ubuntu have already updated their library with the latest version of Libgcrypt.

    So, you are strongly advised to check if your Linux distribution is running the latest version of the Libgcrypt library.
     
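Post 1 describes the leak only in words. As an added example that is not part of the post or of Libgcrypt, the Python below models the mechanism: it runs a textbook left-to-right and a textbook right-to-left sliding-window exponentiation, records the sequence of squarings (S) and multiplications (M) that a FLUSH+RELOAD probe on the shared L3 cache would observe, and applies deduction rules derived for this example (not the paper's exact rule list) to count how many exponent bits each trace gives away. The window size w = 4, the modulus 2^64 - 59 and the random exponents are this example's own choices, and every deduced bit is checked against the true exponent on each run.

```python
# Added example for this thread (not code from the post or from Libgcrypt): a toy
# model of why left-to-right sliding-window exponentiation leaks more of the
# exponent through its square/multiply pattern than right-to-left does.  Both
# routines are textbook sliding-window exponentiations written here; the "trace"
# is the S/M sequence a FLUSH+RELOAD probe on the shared L3 cache would observe.
import random

def l2r_sliding_window(g, e, m, w):
    """Left-to-right: one S per exponent bit, one M per window; a window runs
    from a 1-bit down to the lowest 1-bit within w positions (greedy choice)."""
    table = {v: pow(g, v, m) for v in range(1, 1 << w, 2)}  # odd powers of g
    r, trace, p = 1, [], e.bit_length() - 1
    while p >= 0:
        s = p
        if e >> p & 1:                       # window: lowest 1 in [p-w+1, p]
            s = max(0, p - w + 1)
            while not e >> s & 1:
                s += 1
        for _ in range(p - s + 1):
            r = r * r % m
            trace.append("S")
        if e >> p & 1:
            r = r * table[(e >> s) & ((1 << (p - s + 1)) - 1)] % m
            trace.append("M")
        p = s - 1
    return r, "".join(trace)

def r2l_sliding_window(g, e, m, w):
    """Right-to-left: the base is squared once per bit; a window starts at a 1-bit
    and runs up to the highest 1-bit within w positions (table merge not traced)."""
    n, acc = e.bit_length(), {v: 1 for v in range(1, 1 << w, 2)}
    b, trace, p = g % m, [], 0
    while p < n:
        j = p
        if e >> p & 1:                       # window: highest 1 in [p, p+w-1]
            j = min(n - 1, p + w - 1)
            while not e >> j & 1:
                j -= 1
            v = (e >> p) & ((1 << (j - p + 1)) - 1)
            acc[v] = acc[v] * b % m          # b == g^(2^p) at this point
            trace.append("M")
        for _ in range(j - p + 1):
            b = b * b % m
            trace.append("S")
        p = j + 1
    r = 1
    for v, t in acc.items():                 # exponent-independent merge
        r = r * pow(t, v, m) % m
    return r, "".join(trace)

def multiply_positions(trace):
    return [trace[:i].count("S") for i, op in enumerate(trace) if op == "M"]

def known_bits_l2r(trace, w):
    """This example's L2R rules (bits numbered from the LSB): the M after k
    squarings is a window's trailing 1 at bit n-k; its leading 1 is at most w-1
    higher, and consecutive leading 1s are at least w apart (greedy choice).
    Propagating those bounds pins some leading 1s and fixes gap bits to 0."""
    n = trace.count("S")
    s = [n - k for k in multiply_positions(trace)]   # trailing 1s, MSB first
    k = len(s)
    ub, lb = [n - 1] * k, list(s)                    # bounds on each leading 1
    for j in range(1, k):
        ub[j] = min(s[j] + w - 1, ub[j - 1] - w)
    for j in range(k - 2, -1, -1):
        lb[j] = max(s[j], lb[j + 1] + w)
    known = {n - 1: 1, **{p: 0 for p in range(s[-1])}}  # nothing below last M
    for j in range(k):
        known[s[j]] = 1
        if lb[j] == ub[j]:
            known[lb[j]] = 1                         # leading 1 pinned exactly
        top = n - 1 if j == 0 else s[j - 1] - 1
        known.update({p: 0 for p in range(ub[j] + 1, top + 1)})  # gap zeros
    return known

def known_bits_r2l(trace, w):
    """This example's R2L rules: the M after k squarings is a window's lowest 1 at
    bit k, and the next window cannot start before bit k+w, so bits between are 0."""
    n, starts = trace.count("S"), multiply_positions(trace)
    known = {n - 1: 1}
    for i, nxt in zip(starts, starts[1:] + [n]):
        known[i] = 1
        known.update({p: 0 for p in range(i + w, nxt)})
    return known

def leak_comparison(nbits=1024, w=4, samples=40, seed=1):
    """Mean fraction of bits deduced from L2R vs R2L traces of random odd exponents
    (constructed inputs; 2^64-59 is just a convenient prime modulus)."""
    rng, m, totals = random.Random(seed), (1 << 64) - 59, [0.0, 0.0]
    for _ in range(samples):
        e = rng.getrandbits(nbits) | 1 << (nbits - 1) | 1
        g = rng.randrange(2, m)
        (r1, t1), (r2, t2) = l2r_sliding_window(g, e, m, w), r2l_sliding_window(g, e, m, w)
        assert r1 == r2 == pow(g, e, m)
        for i, known in enumerate((known_bits_l2r(t1, w), known_bits_r2l(t2, w))):
            assert all((e >> p & 1) == v for p, v in known.items())
            totals[i] += len(known) / nbits
    return totals[0] / samples, totals[1] / samples

if __name__ == "__main__":
    print(l2r_sliding_window(3, 0b1011011, 1000003, 2)[1], leak_comparison())
```

Running it prints the trace for the small exponent and the two mean recovery fractions; the left-to-right figure is consistently higher because each multiply reveals its window's trailing 1 while the greedy window choice lets the bounds on one window tighten the next, which matches the statement quoted from the paper above. The real attack still has to recover the trace from noisy cache-timing measurements and feed the partial key into the extended Heninger-Shacham reconstruction; this toy stops at the known-bit count. The standard defence is an exponentiation whose operation sequence does not depend on the exponent, such as fixed windows with constant-time table access or a Montgomery ladder.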
  2. YarS
    Everything made by one man can be broken by another.
    Think about it.
     
  3. Osmanovic

    Osmanovic 1st Lieutenant

    Joined:
    Jan 29, 2016
    Messages:
    221
    Likes Received:
    336
    Location:
    United-States
    Wait till quantum computing develops, all current encryption algorithms will be cracked.
     
  4. YarS
    "Algorithms" - may be. But not all "encrypted messages". Did you read article of Shannon "Communication Theory of Secrecy Systems"?
    http://netlab.cs.ucla.edu/wiki/files/shannon1949.pdf
    ..
    Verrnam Cipher, for example, is absolutely cryptographic strong (when it is used correctly).
    Yes, I know, that strong cryptographic is illegal in modern USA. So, may be, it's better to use steganography, for example by sending to your friends photoes of kittens (or something else) with modificated Morse Code. White kitten means dot, black kitten means dash, other colours email just a noise. One photo is one letter, combination is a word. There are nothing suspiciouse for any police officer who had intercept DVD or HAD with message, becouse he can not understand that it is encrypted message. And yes, you have no need in special encrypting/decrypting soft - watch the photoes and read message - all decryption is in your brain.
     
    Last edited: Jul 5, 2017
  5. YarS
    For example:
    [three images omitted]

    Three dots, three dashes, three dots - SOS.
    For practical needs, of course, you should use more noise photos, and/or use perverse porn photos that give you a legend (cover story) for hiding the communication and deleting the photos.
     
  6. Osmanovic
    @YarS I like your style, very interesting but great information.

    Placeba !!!!
     