Comment 5BTV Fixed for GnuPG

Story

Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation

Fixed for GnuPG (Score: 1)

by seriously@pipedot.org on 2015-03-20 21:01 (#5BTV)

From the paper (page 5):
Current Status. Following the practice of responsible disclosure, we worked with the authors
of GnuPG to suggest several countermeasures and verify their effectiveness against our attacks
(see CVE-2014-3591 [MIT14]). GnuPG 1.4.19 and Libgcrypt 1.6.3, resilient to these attacks, were
released concurrently with the public announcement of the results presented in this paper.

History

2015-03-20 21:01
From the paper (page 5):
Current Status. Following the practice of responsible disclosure, we worked with the authors
of GnuPG to suggest several countermeasures and verify their effectiveness against our attacks
(see CVE-2014-3591 [MIT14]). GnuPG 1.4.19 and Libgcrypt 1.6.3, resilient to these attacks, were
released concurrently with the public announcement of the results presented in this paper.
But also:
GnuPG 2.1 (developed in parallel to GnuPG 1.x), as well as its underlying
cryptographic library, libgcrypt (version 1.6.2), utilize very similar cryptographic codes and thus
may also be vulnerable to our attack.
No word on a fix for that, but I see no reason why the patch to 1.x wouldn't be applied to 2.x ...
