Implications Of The Recent RSA Vulnerability

erythrocyte firasmr786 at
Thu Mar 11 16:52:21 CET 2010

On 3/11/2010 9:15 PM, David Shaw wrote:
> Basically, no, and for several reasons.  There are a few things that need to be understood about the new attack.  Briefly, this is an attack that relies on manipulating the power supply to the CPU, in order to cause it to make errors in RSA signatures.  If you process a lot of these errored signatures, you can recover the secret key.
> In practice, and with GPG, however, it's a pretty hard attack to mount.  First of all, you have to have access to and the ability to manipulate the power supply to the CPU.  If someone had that kind of access to your machine, there are better attacks that can be mounted (keyboard sniffer, copying the hard drive, etc.)  Secondly, your 4096 bit key is much larger than the 1024-bit keys the researchers were able to break.  Thirdly, the attacker needs thousands and thousands of signatures with errors in them.  This takes time to gather, increasing the amount of time that the attacker needs to be manipulating your power supply.  Lastly, and perhaps most significantly, GPG has resistance to this particular attack anyway: it checks all signatures after creation to make sure that nothing like this happened.  If an attacker managed to make the CPU hiccup and make an error when generating the signature, the signature check would see the signature was invalid and cause GPG to exit with an error.

Thanks for the explanation. Makes sense :-) .
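The countermeasure David Shaw describes above (verify every signature immediately after creating it and abort if it does not check out) as an added Python example; this is constructed illustration code, not GnuPG's implementation. It uses a toy textbook-RSA key built from two Mersenne primes (far too small for real use) and simulates a power glitch as a single bit flip inside the exponentiation loop.

```python
import hashlib

# Constructed toy key: two Mersenne primes, ~216-bit modulus, no padding.
# Illustration only; never use textbook RSA or a key this small in practice.
P = 2**89 - 1
Q = 2**127 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


class FaultDetected(Exception):
    """Raised when a freshly made signature fails its own verification."""


def hash_to_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def square_and_multiply(base: int, exp: int, mod: int, fault_at_step=None) -> int:
    """Left-to-right modular exponentiation. If fault_at_step is given, one bit of the
    working register is flipped at that iteration, simulating a CPU error caused by a
    glitched power supply."""
    result = 1
    for i, bit in enumerate(bin(exp)[2:]):
        result = (result * result) % mod
        if bit == "1":
            result = (result * base) % mod
        if i == fault_at_step:
            result ^= 1 << 7          # constructed fault: single bit flip
    return result


def sign(message: bytes, fault_at_step=None) -> int:
    m = hash_to_int(message)
    s = square_and_multiply(m, D, N, fault_at_step)
    # Countermeasure: re-verify with the public key before releasing anything.
    # A faulted signature is discarded instead of being handed to an attacker.
    if pow(s, E, N) != m:
        raise FaultDetected("signature did not verify; refusing to output it")
    return s


def verify(message: bytes, s: int) -> bool:
    return pow(s, E, N) == hash_to_int(message)


def fault_is_caught(message: bytes, step: int) -> bool:
    """True if a glitch at the given exponentiation step is caught by the self-check."""
    try:
        sign(message, fault_at_step=step)
    except FaultDetected:
        return True
    return False
```

Without the self-check, `square_and_multiply` would return the corrupted value as a signature, which is exactly the material the attack collects.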

More information about the Gnupg-users mailing list