Linux users should check whether their distribution has shipped a patched libgcrypt20: the fix is in upstream libgcrypt 1.7.8 and is tracked as CVE-2017-7526 (on Debian and Ubuntu, dpkg -s libgcrypt20 shows the installed version).
The patch, which has already landed in Debian and Ubuntu, addresses a side-channel attack published last week.
The researchers published their work at the International Association for Cryptologic Research’s e-print archive last week. The paper was authored by Daniel Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom (who hail variously from the Technical University of Eindhoven, the University of Illinois, the University of Pennsylvania, the University of Maryland, and the University of Adelaide).
What they found is that libgcrypt uses "sliding windows", a standard speed-up for the modular exponentiation at the heart of RSA: instead of handling one exponent bit per step, it handles a run of several bits as a window and multiplies by a precomputed odd power of the base. The method is not constant-time. The sequence of squarings and multiplications it performs depends on the secret exponent, and that sequence can be observed by a process on the same machine through a cache side channel (the paper uses Flush+Reload against GnuPG's RSA decryption).
libgcrypt computes its sliding windows left to right, from the most significant exponent bit downwards. The leak had long been tolerated because the conventional wisdom was that, even if an attacker observes the complete pattern of squarings and multiplications, it reveals too few exponent bits to recover the key: about 40 percent of the bits with four-bit windows and 33 percent with five-bit windows. That estimate holds for right-to-left windows. The paper shows that the direction matters: in the left-to-right encoding every window both starts and ends on a set bit, so the observed multiplication positions constrain the neighbouring bits far more tightly, and the authors extend the Heninger-Shacham partial-key-reconstruction algorithm to exploit those extra constraints.
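To make the direction argument concrete, here is an added example (not code from the paper or from libgcrypt) that implements both window encodings in Python, returns the square/multiply trace a side channel would see, and then brute-forces every exponent of a short fixed length to count how many bits the multiplication positions alone pin down for each encoding. The function names, the 14-bit exponent length and the sample exponent are this example's own choices; the fractions it prints for such short exponents differ from the asymptotic 40 and 33 percent quoted above, but the gap between the two encodings is the point.

```python
"""Left-to-right vs right-to-left sliding windows: how much a trace leaks.

Added illustration, not code from the paper or from libgcrypt.  An observer
who sees only the sequence of squarings and multiplications learns the bit
positions at which multiplications happen.  For short exponents we can
enumerate every exponent of a fixed length, group them by that observation,
and count the bits that are identical across a group: those are the bits
the trace alone pins down.
"""
from collections import defaultdict


def l2r_windows(exp, w):
    """Left-to-right sliding windows (the variant libgcrypt used): scan from
    the MSB; a window starts at a 1 bit and ends at the lowest 1 bit within
    the next w bits, so it both starts and ends on a set bit.  Returns
    [(top, bottom)] bit positions, LSB = 0, highest window first."""
    windows = []
    p = exp.bit_length() - 1
    while p >= 0:
        if not (exp >> p) & 1:
            p -= 1                          # a 0 bit costs one squaring only
            continue
        q = max(p - w + 1, 0)
        while not (exp >> q) & 1:
            q += 1                          # shrink so the window ends on a 1
        windows.append((p, q))
        p = q - 1
    return windows


def r2l_windows(exp, w):
    """Right-to-left sliding windows: scan from the LSB; a window starts at
    a 1 bit and simply covers the next w bits upward (its top bit may be 0)."""
    windows, n, j = [], exp.bit_length(), 0
    while j < n:
        if (exp >> j) & 1:
            windows.append((min(j + w - 1, n - 1), j))
            j += w
        else:
            j += 1
    return windows


def modexp_l2r(base, exp, mod, w=4):
    """base^exp mod mod with left-to-right windows.  Also returns the
    squaring/multiplication trace ('S'/'M') a cache side channel observes."""
    odd_powers, cur, sq = {}, base % mod, base * base % mod
    for d in range(1, 1 << w, 2):           # table of base^1, base^3, ...
        odd_powers[d] = cur
        cur = cur * sq % mod
    result, trace, prev_bottom = 1, [], exp.bit_length()
    for top, bottom in l2r_windows(exp, w):
        for _ in range(prev_bottom - bottom):   # skipped zeros + window bits
            result = result * result % mod
            trace.append("S")
        value = (exp >> bottom) & ((1 << (top - bottom + 1)) - 1)
        result = result * odd_powers[value] % mod
        trace.append("M")
        prev_bottom = bottom
    for _ in range(prev_bottom):            # zero bits below the last window
        result = result * result % mod
        trace.append("S")
    return result, "".join(trace)


def known_bit_fraction(window_fn, n, w):
    """Average fraction of exponent bits fixed by the multiplication positions
    alone, over every n-bit exponent with its top bit set."""
    groups = defaultdict(list)
    for exp in range(1 << (n - 1), 1 << n):
        groups[tuple(b for _, b in window_fn(exp, w))].append(exp)
    mask, known = (1 << n) - 1, 0
    for members in groups.values():
        all_set, any_set = mask, 0
        for e in members:
            all_set &= e                    # bits that are 1 in every member
            any_set |= e                    # bits that are 1 in some member
        fixed = bin(all_set).count("1") + bin(~any_set & mask).count("1")
        known += fixed * len(members)
    return known / (n * (1 << (n - 1)))


if __name__ == "__main__":
    exp = 0b1010_0101                       # constructed sample exponent
    print(modexp_l2r(7, exp, 1009)[1])      # SSSMSSSSSM
    for w in (4, 5):
        print(w, known_bit_fraction(r2l_windows, 14, w),
              known_bit_fraction(l2r_windows, 14, w))
```

Running it prints the trace for the sample exponent and, for four- and five-bit windows, the average fraction of bits that the multiplication positions alone determine, which is visibly larger for the left-to-right encoding. The paper's attack goes beyond this count: the directly known bits are not enough on their own, so the authors feed the full set of constraints into an extended Heninger-Shacham key-reconstruction search.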
What they found was an unpleasant surprise: a complete break of RSA-1024 as implemented in libgcrypt, with full private-key recovery from the observed square-and-multiply pattern. For RSA-2048 the attack is efficient for about 13 percent of keys. The attacker does need to run code on the same machine as the victim, since the leak is read through the CPU cache, which is why the fix belongs in the library rather than in key sizes alone.
Submitted by: Arnfried Walbrecht