Security Vulnerability
July 7, 2017

Security Researchers Crack GnuPG Crypto Library’s 1024-bit RSA Encryption

Researchers have uncovered a critical vulnerability in the cryptographic library used by GnuPG, enabling them to defeat its RSA-1024 encryption entirely by extracting the private RSA decryption key.

GNU Privacy Guard (GnuPG or GPG), a popular open source encryption program, is used by people such as former NSA contractor Edward Snowden to keep their communication channels encrypted. The software runs on, and is widely used across, all major operating systems and platforms, including Linux, Windows and macOS.

A team of researchers from the Technical University of Eindhoven, the University of Illinois, the University of Pennsylvania, the University of Maryland, and the University of Adelaide discovered the vulnerability, tracked as CVE-2017-7526. It lies in the “left-to-right sliding window” exponentiation method used by Libgcrypt, the cryptographic library GnuPG relies on, which is susceptible to a local FLUSH+RELOAD cache side-channel attack.

“In this paper, we demonstrate a complete break of RSA-1024 as implemented in Libgcrypt. Our attack makes essential use of the fact that Libgcrypt uses the left-to-right method for computing the sliding-window expansion,” the security researchers wrote in the research paper.

They stated:

The pattern of squarings and multiplications in left-to-right sliding windows leaks significantly more information about the exponent than right-to-left. We show how to extend the Heninger-Shacham algorithm for partial key reconstruction to make use of this information and obtain a very efficient full key recovery for RSA-1024.
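To make that leak concrete, here is an added Python model (not code from the article, the paper or Libgcrypt) of the squaring/multiplication sequence each exponentiation method exposes, plus an exhaustive count of how many exponent bits that sequence alone pins down; the window size w, the exponent lengths and the toy modulus are constructed values chosen so the enumeration stays small.

```python
def ltr_sliding_window(base, exp, mod, w):
    """Left-to-right sliding-window exponentiation (the method in the article).
    Returns (base**exp % mod, trace); trace is the 'S'quare/'M'ultiply sequence."""
    table = {1: base % mod}                 # odd powers base^1, base^3, ..., base^(2^w-1)
    sq = base * base % mod
    for u in range(3, 1 << w, 2):
        table[u] = table[u - 2] * sq % mod
    bits = bin(exp)[2:]
    n, i, acc, trace = len(bits), 0, 1, []
    while i < n:
        if bits[i] == '0':                  # a zero bit costs one squaring only
            acc = acc * acc % mod; trace.append('S'); i += 1
            continue
        j = min(i + w - 1, n - 1)           # tentative window end ...
        while bits[j] == '0':               # ... shrunk until it ends in a 1 (odd value)
            j -= 1
        for _ in range(i, j + 1):           # one squaring per window bit,
            acc = acc * acc % mod; trace.append('S')
        acc = acc * table[int(bits[i:j + 1], 2)] % mod   # then one multiply
        trace.append('M')
        i = j + 1
    return acc, ''.join(trace)

def ltr_trace(exp, w):                      # the trace does not depend on base or modulus
    return ltr_sliding_window(2, exp, 1009, w)[1]

def rtl_trace(exp, w):
    """Trace of right-to-left sliding windows (Yao-style accumulators): every window
    is exactly w bits, so the trace never exposes any trimming."""
    bits = bin(exp)[2:][::-1]               # least significant bit first
    n, i, trace = len(bits), 0, []
    while i < n:
        if bits[i] == '0':
            trace.append('S'); i += 1
        else:
            trace.append('M')               # fold the current base power into accumulator A_u
            trace.extend('S' * min(w, n - i))   # square the base once per window bit
            i += w
    return ''.join(trace)

def bits_fixed_by_trace(tracer, n, w):
    """Average over all n-bit exponents of how many bit positions the trace alone
    pins down (positions on which every exponent with that trace agrees)."""
    groups = {}
    for e in range(1 << (n - 1), 1 << n):   # exhaustive, so keep n small
        groups.setdefault(tracer(e, w), []).append(e)
    fixed = lambda m: sum(len({(e >> k) & 1 for e in m}) == 1 for k in range(n))
    return sum(fixed(m) * len(m) for m in groups.values()) / (1 << (n - 1))
```

With w = 1 both traces are plain square-and-multiply and reveal every bit; with w = 2 on 4-bit exponents the left-to-right trace already fixes more bits on average (3.5) than the right-to-left one (3.25), because the trimmed window ends in the left-to-right trace add constraints the fixed-width right-to-left windows do not.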

The L3 cache side-channel attack typically requires the attacker to run arbitrary software on the hardware that holds the private RSA key. The attack enables the attacker to extract the decryption key from the targeted system by analyzing the electromagnetic outputs the device emits during the decryption process.

“Thus, in practice,” the researchers wrote, “there are easier ways to access the private keys than to mount this side-channel attack. However, on boxes with virtual machines, this attack may be used by one VM to steal private keys from another VM.”

Libgcrypt has since released a fix for the vulnerability in version 1.7.8.

Image credit: Pixabay.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
