RSA-1024 Private Key Extraction Made Possible
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.
Summary
Threat details
This type of attack is likely to be used by APT groups as part of the exfiltration phase of an attack where the goal is to collect data such as an organisation's intellectual property.
GnuPG is a widely used free implementation of the OpenPGP standard and is used to encrypt and sign data and communications securely. Libgcrypt is a module found inside the GnuPG package that provides the encryption functionality.
Researchers investigating the operation of Libgcrypt found that it implemented a method known as sliding windows to perform certain mathematical computations required as part of the encryption process. The issue arises because this technique is known to be vulnerable to a side-channel attack.
Side-channel attacks are attacks in which data leaks from the operation of a system and can be recovered from another source, without brute forcing and without a direct weakness in the algorithm being attacked.
These alternate data sources vary, but examples include the timing of certain operations, power consumption at different stages and leaked electromagnetic signals, among others. In this instance, it has been found that a flush+reload cache-timing attack allows an actor to monitor the target's cache and record certain access patterns, allowing data to be leaked. This can be used against Libgcrypt to aid in retrieving the private key.
Updated packages have now been released for all major distributions and can be obtained from the relevant package managers.
Remediation steps
Last edited: 17 February 2020 11:38 am