Implications Of The Recent RSA Vulnerability

David Shaw dshaw at jabberwocky.com
Thu Mar 11 16:45:55 CET 2010


On Mar 11, 2010, at 3:39 AM, erythrocyte wrote:

> With the recent news of researchers being able to crack 1024-bit RSA
> keys using power fluctuations, I was wondering if it would be a good
> idea to switch the RSA keys I have to some other algorithm. Both my
> signing and encryption keys are 4096-bit keys. Am I vulnerable to this
> security hole?

Basically, no, and for several reasons.  There are a few things that need to be understood about the new attack.  Briefly, this is an attack that relies on manipulating the power supply to the CPU, in order to cause it to make errors in RSA signatures.  If you process a lot of these errored signatures, you can recover the secret key.

In practice, and with GPG, however, it's a pretty hard attack to mount.  First of all, you have to have access to and the ability to manipulate the power supply to the CPU.  If someone had that kind of access to your machine, there are better attacks that can be mounted (keyboard sniffer, copying the hard drive, etc.)   Secondly, your 4096 bit key is much larger than the 1024-bit keys the researchers were able to break.  Thirdly, the attacker needs thousands and thousands of signatures with errors in them.  This takes time to gather, increasing the amount of time that the attacker needs to be manipulating your power supply.  Lastly, and perhaps most significantly, GPG has resistance to this particular attack anyway: it checks all signatures after creation to make sure that nothing like this happened.  If an attacker managed to make the CPU hiccup and make an error when generating the signature, the signature check would see the signature was invalid and cause GPG to exit with an error.

David




More information about the Gnupg-users mailing list