On Mar 11, 2010, at 3:39 AM, erythrocyte wrote:

> With the recent news of researchers being able to crack 1024-bit RSA
> keys using power fluctuations, I was wondering if it would be a good
> idea to switch the RSA keys I have to some other algorithm. Both my
> signing and encryption keys are 4096-bit keys. Am I vulnerable to this
> security hole?

Basically, no, and for several reasons.  There are a few things that need to be 
understood about the new attack.  Briefly, this is an attack that relies on 
manipulating the power supply to the CPU, in order to cause it to make errors 
in RSA signatures.  If you process a lot of these errored signatures, you can 
recover the secret key.

In practice, and with GPG, however, it's a pretty hard attack to mount.  First 
of all, you have to have access to and the ability to manipulate the power 
supply to the CPU.  If someone had that kind of access to your machine, there 
are better attacks that can be mounted (keyboard sniffer, copying the hard 
drive, etc.).  Secondly, your 4096-bit key is much larger than the 1024-bit 
keys the researchers were able to break.  Thirdly, the attacker needs thousands 
and thousands of signatures with errors in them.  This takes time to gather, 
increasing the amount of time that the attacker needs to be manipulating your 
power supply.  Lastly, and perhaps most significantly, GPG has resistance to 
this particular attack anyway: it checks all signatures after creation to make 
sure that nothing like this happened.  If an attacker managed to make the CPU 
hiccup and make an error when generating the signature, the signature check 
would see the signature was invalid and cause GPG to exit with an error.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
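
Added example (not part of the original message, and not GnuPG's code): a sketch of the sign-then-verify check described in the reply, in which a signature corrupted during computation is caught before it is ever output. The toy key, the function names and the simulated single-bit fault are all assumptions made for illustration.

```python
import hashlib

# Constructed toy key from two Mersenne primes: illustration only, no padding,
# far too small and structured for real use.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


class FaultDetected(Exception):
    """Raised when a freshly made signature fails its own verification."""


def digest_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def raw_sign(msg: bytes, fault_step=None) -> int:
    """Left-to-right square-and-multiply. If fault_step is set, one bit of the
    accumulator is flipped at that step to simulate a hardware glitch."""
    m, acc = digest_int(msg), 1
    for step, bit in enumerate(bin(D)[2:]):
        acc = acc * acc % N
        if bit == "1":
            acc = acc * m % N
        if step == fault_step:
            acc ^= 1 << 7  # simulated single-bit error
    return acc


def verify(sig: int, msg: bytes) -> bool:
    return pow(sig, E, N) == digest_int(msg)


def sign(msg: bytes, fault_step=None) -> int:
    """Sign, then verify before releasing; a faulty value never leaves."""
    sig = raw_sign(msg, fault_step)
    if not verify(sig, msg):
        raise FaultDetected("signature failed self-check, refusing to output")
    return sig


if __name__ == "__main__":
    msg = b"constructed sample message"
    print("clean signature verifies:", verify(sign(msg), msg))
    try:
        sign(msg, fault_step=100)
    except FaultDetected as exc:
        print("glitched run:", exc)
```

The self-check costs one public-key operation per signature, which is cheap next to the private-key exponentiation it protects.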
