Implications Of The Recent RSA Vulnerability

David SMITH dave.smith at st.com
Thu Mar 11 16:43:32 CET 2010


erythrocyte wrote:
> On 3/11/2010 3:29 PM, Dan Mahoney, System Admin wrote:
>> On Thu, 11 Mar 2010, erythrocyte wrote:
>>> Ref:
>>> http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/
>>>
>> Okay, let me sum up this article for you:
>>
>> Researchers who had physical enough access to be able to rewire the
>> private-key-holder's system's power supply were able to compromise that
>> system.
>>
>> If you're at that point, I don't think key length is your problem.
> 
> Alrighty. But doesn't this compromise the layer of security offered by
> the passphrase? What's the point having a passphrase at all, if it's so
> easy to compromise a private key?

Well, I've only read the "engadget" writeup, but assuming it's correct,
the attack only applies to systems where the attacker has physical
access to a system containing the private key.  As a general rule, when
using GnuPG you would keep your private key on your local system, so it
would only be a problem if your local system were cracked and the
attacker could download the private key from your machine, or if your
machine were to fall into the attacker's hands.

However, even if the attacker manages to get hold of your private key
file, they still need the passphrase to get the key so that they can use
it for the RSA encryption operation they want to attack using this
technique.  If they have both the private key /and/ the passphrase, then
the game is already over.

So, basically, it's highly unlikely that you're vulnerable to this
attack.  The sort of systems that are vulnerable to the attack are ones
where the RSA key is embedded inside such that the attacker, with
physical access to the system, can use it for the encryption operation
but not read it out.  This attack allows the cracker to determine the
embedded key.

In terms of whether it compromises the passphrase protection, no.  To be
able to use the attack, the attacker needs to run the RSA algorithm with
your private key.  To be able to do that, they need your passphrase in
the first place, otherwise, how can they get your private key to feed in
to RSA?
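An added illustration, not part of the original post and not GnuPG's or libgcrypt's code: why letting an attacker run a private-key operation on hardware they can glitch is enough to recover the key, even though the key itself is never read out. The Michigan attack the engadget article reports targets a non-CRT exponentiation and is more involved; the script below uses the simpler, classic Bellcore-style fault attack on RSA-CRT signing, which needs only one signature computed while a transient fault corrupts one CRT half. The primes, exponent and message representative are constructed toy values chosen for readability (the attack is identical at real key sizes), and the fault is simulated by flipping one bit of an intermediate value. The last function shows the standard countermeasure: verify the result with the public key before releasing it.

```python
"""
Editor-added example: one-fault Bellcore attack on RSA-CRT signing.

Constructed toy key (assumption: small primes so the numbers stay readable;
real keys use 1024-bit-plus primes, the attack works the same way).
"""
from math import gcd

P = 1000003            # prime (toy)
Q = 1000033            # prime (toy)
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)    # private exponent (Python 3.8+ modular inverse)

# CRT precomputation, as real implementations store it
DP = D % (P - 1)
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)

# Constructed message representative (in practice a padded hash), 0 < m < N
M = 123456789


def crt_combine(sp: int, sq: int) -> int:
    """Garner recombination: s = sq + q * ((sp - sq) * q^-1 mod p)."""
    h = ((sp - sq) * QINV) % P
    return sq + Q * h


def sign_crt(m: int, fault_in_p_half: bool = False) -> int:
    """RSA-CRT signature of m.

    If fault_in_p_half is set, simulate a transient hardware fault (e.g. an
    under-voltage glitch) corrupting only the mod-p exponentiation.
    """
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_p_half:
        sp ^= 1            # single-bit flip in an intermediate value
    return crt_combine(sp, sq)


def recover_factor(n: int, m: int, e: int, faulty_sig: int) -> int:
    """Recover a factor of n from ONE faulty signature.

    A fault confined to the mod-p half leaves s' == s (mod q) but
    s' != s (mod p), so s'^e == m (mod q) while s'^e != m (mod p);
    hence gcd(s'^e - m, n) == q. No correct signature is needed.
    """
    return gcd((pow(faulty_sig, e, n) - m) % n, n)


def sign_crt_checked(m: int, fault_in_p_half: bool = False):
    """Countermeasure: verify with the public key before releasing the
    signature, and return None instead of leaking a faulty value."""
    s = sign_crt(m, fault_in_p_half)
    if pow(s, E, N) != m:
        return None        # fault detected; nothing useful leaves the device
    return s


if __name__ == "__main__":
    good = sign_crt(M)
    bad = sign_crt(M, fault_in_p_half=True)
    q = recover_factor(N, M, E, bad)
    print("faulty signature leaks factor:", q, "== Q:", q == Q)
    print("private exponent rebuilt:", pow(E, -1, (N // q - 1) * (q - 1)) == D)
    print("checked signer on fault returns:", sign_crt_checked(M, True))
```

Once the attacker has q, p = N // q and d follows from the public exponent, which is the "determine the embedded key" outcome described above. Note that the whole attack presupposes the victim device performs the private operation on the attacker's input; a passphrase-protected key file that is never unlocked never performs one.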



More information about the Gnupg-users mailing list