[Announce] [security fix] GnuPG 1.4.16 released // workaround

vedaal at nym.hush.com
Wed Dec 18 16:10:49 CET 2013


On Wednesday, December 18, 2013 at 9:25 AM, "Werner Koch" <wk at gnupg.org> wrote:

> The paper describes two attacks.  The first attack allows one to distinguish
> keys: An attacker is able to notice which key is currently used for
> decryption.
...

> While listening to the acoustic emanations of the targeted machine, the
> smartphone will send new encrypted messages to that machine and
> re-construct the private key bit by bit.  A 4096 bit RSA key used on a
> laptop can be revealed within an hour.
>
> GnuPG 1.4.16 avoids this attack by employing RSA blinding during
> decryption.

=====

Am not familiar with how RSA 'blinding' works, 
but am surprised that it cannot be used to 'blind' RSA as to the identity of the key ;-(

Here is a potential workaround though:

If a sender suspects that the receiver may be in a place where acoustical surveillance can detect the key id, 
then the sender and receiver can do the following:

[1] The sender sends a message encrypted to both the sender's and the receiver's usual keys,
with an instruction in the plaintext that, if a 'special atypical' key is to be used, the message is to be sent encrypted to that special atypical key using the throw-keyid option, as well as encrypted conventionally to a passphrase.

[2] The passphrase to be used for conventional encryption is the session key string for the first encrypted message in [1], which the sender and receiver now have, and they can decrypt the messages using conventional encryption.

[3] Whenever the correspondents are in an environment 'safe' from this type of acoustic threat, the message can be decrypted using the 'special atypical' key.  Whatever information is intended to be conveyed by using a 'special key' will still be understood by the receiver.


vedaal
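The three steps above as one runnable script. This is an added example, not part of the original post and not GnuPG's own code: it assumes GnuPG 2.1 or later on PATH as `gpg` (the `--pinentry-mode` option it needs for unattended passphrases does not exist in the 1.4 branch the announcement is about), `gpgconf` to stop the scratch agent, throwaway unprotected RSA keys generated into a temporary GNUPGHOME, and constructed user IDs and message texts.

```sh
#!/bin/sh
# Added example walking through the throw-keyid + session-key-as-passphrase
# workaround.  Assumes GnuPG >= 2.1 (`gpg`, `gpgconf`) on PATH.  Every key,
# user ID and message below is constructed for the demo.

# Generate one unprotected RSA key whose primary key can both sign and
# encrypt, so a single keygen per identity is enough.  $1 = name, $2 = email.
make_demo_key() {
  gpg --batch --gen-key 2>/dev/null <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign,encrypt
Name-Real: $1
Name-Email: $2
Expire-Date: 0
%commit
EOF
}

# Runs in a subshell so set -e, the scratch GNUPGHOME and the cleanup trap
# stay contained.  Returns 0 when both decryption paths recover message 2.
run_workaround_demo() (
  set -e
  if ! command -v gpg >/dev/null 2>&1; then
    echo "gpg not found on PATH; nothing to demonstrate" >&2
    exit 0
  fi
  GNUPGHOME=$(mktemp -d); export GNUPGHOME
  chmod 700 "$GNUPGHOME"
  trap 'gpgconf --kill gpg-agent >/dev/null 2>&1 || true; rm -rf "$GNUPGHOME"' EXIT
  cd "$GNUPGHOME"

  # Sender's usual key, receiver's usual key, and the receiver's 'special
  # atypical' key whose use is what the microphone must not learn.
  make_demo_key "Sender Usual"      sender@example.invalid
  make_demo_key "Receiver Usual"    receiver@example.invalid
  make_demo_key "Receiver Atypical" atypical@example.invalid

  # [1] Message 1: to both usual keys, carrying the instruction in clear text.
  printf '%s\n' 'If the atypical key is to be used, encrypt to it with' \
    '--throw-keyids and also --symmetric; the passphrase is the' \
    'session key string of this message.' > msg1.txt
  gpg --batch --yes --trust-model always \
      -r sender@example.invalid -r receiver@example.invalid \
      --encrypt -o msg1.gpg msg1.txt 2>/dev/null

  # [2] Either side recovers the session key string of message 1 from the
  #     machine-readable status line "[GNUPG:] SESSION_KEY <algo>:<hex>".
  SK=$(gpg --batch --yes --status-fd 1 --show-session-key \
           --decrypt -o msg1.check.txt msg1.gpg 2>/dev/null \
       | awk '$1 == "[GNUPG:]" && $2 == "SESSION_KEY" { print $3; exit }')
  [ -n "$SK" ] || { echo "could not extract the session key" >&2; exit 1; }
  cmp -s msg1.txt msg1.check.txt

  # Message 2: to the atypical key with its key ID thrown away, and also
  # conventionally encrypted to the passphrase SK.
  printf 'Decrypt me without touching any RSA private key.\n' > msg2.txt
  gpg --batch --yes --trust-model always --pinentry-mode loopback --passphrase "$SK" \
      --throw-keyids -r atypical@example.invalid --symmetric --encrypt \
      -o msg2.gpg msg2.txt 2>/dev/null

  # Packet structure check: one anonymous PKESK (key ID all zeros) and one SKESK.
  # pinentry-mode cancel stops --list-packets from asking for the passphrase.
  gpg --batch --pinentry-mode cancel --skip-hidden-recipients \
      --list-packets msg2.gpg > packets.txt 2>/dev/null || true
  grep -q 'keyid 0000000000000000' packets.txt
  grep -q ':symkey enc packet:' packets.txt

  # Under acoustic surveillance: decrypt with the passphrase only.  gpg writes
  # the SKESK before the PKESK, so the session key is recovered before any
  # secret key would be tried; --skip-hidden-recipients makes that explicit.
  gpg --batch --yes --skip-hidden-recipients --pinentry-mode loopback \
      --passphrase "$SK" --decrypt -o msg2.unsafe.txt msg2.gpg 2>/dev/null
  cmp -s msg2.txt msg2.unsafe.txt

  # [3] In a safe place: no passphrase.  pinentry-mode cancel makes gpg give up
  #     on the SKESK and fall through to trying its secret keys against the
  #     anonymous recipient, which succeeds with the atypical key.
  gpg --batch --yes --pinentry-mode cancel --decrypt -o msg2.safe.txt msg2.gpg 2>/dev/null
  cmp -s msg2.txt msg2.safe.txt

  echo "workaround demo: passphrase path and atypical-key path both recovered message 2"
)

run_workaround_demo
```

In the surveilled path the only secret material in play is the passphrase (the session key string of message 1), so no RSA exponentiation happens on the receiver's machine. In the safe path gpg, faced with an anonymous recipient, tries each available secret key in turn (it reports "anonymous recipient; trying secret key ..."), and that trial decryption is precisely the RSA work the first path avoids; without `--throw-keyids` the key ID would instead be visible to anyone holding the ciphertext, which is why the post combines both options.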
