Researchers broke RSA 1024-bit encryption

RSA 1024-bit - is it safe? Security researchers have discovered a critical vulnerability in the GnuPG cryptographic library that allowed them to crack 1024 bit RSA encryption and extract the secret RSA key to decrypt data.

Gnu Privacy Guard (GnuPG or GPG) is a popular open source encryption software used by many operating systems (Linux, FreeBSD, and macOS X).RSA 1024-bit

Vulnerability, under the name CVE-2017-7526, is located in the Libgcrypt encryption library used by GnuPG.

It's the same software that the former NSA employee used Edward Snowden to encrypt his communications.

The research

A team of researchers from the Universities, Eindhoven, Illinois, Pennsylvania, , and Adelaide, found that the “left-to-right sliding window” method used by the libgcrypt library to perform the cryptography math leaks significantly more information than is needed, allowing the full recovery of the RSA key.

"In this paper, we demonstrate a complete breaking of RSA-1024 as implemented in Libgcrypt. THE we basically use the fact that Libgcrypt uses the left-to-right method to calculate the expansion of sliding-windows", Say the researchers in their paper.

The L3 attack -Channel απαιτεί από έναν εισβολέα να τρέξει ένα “πειραγμένο” λογισμικό στο hardware που χρησιμοποιείται το ιδιωτικό κλειδί RSA.

For more information read 'Sliding right into disaster: Left-to-right sliding windows leak, '(PDF) by Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Christine van Vredendaal, Tanja Lange and Yuval Yarom.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).