On 3/11/2010 9:15 PM, David Shaw wrote:
> Basically, no, and for several reasons. There are a few things that need to
> be understood about the new attack. Briefly, this is an attack that relies
> on manipulating the power supply to the CPU, in order to cause it to make
> errors in RSA signatures. If you process a lot of these errored signatures,
> you can recover the secret key.
>
> In practice, and with GPG, however, it's a pretty hard attack to mount.
> First of all, you have to have access to and the ability to manipulate the
> power supply to the CPU. If someone had that kind of access to your machine,
> there are better attacks that can be mounted (keyboard sniffer, copying the
> hard drive, etc.). Secondly, your 4096-bit key is much larger than the
> 1024-bit keys the researchers were able to break. Thirdly, the attacker
> needs thousands and thousands of signatures with errors in them. This takes
> time to gather, increasing the amount of time that the attacker needs to be
> manipulating your power supply. Lastly, and perhaps most significantly, GPG
> has resistance to this particular attack anyway: it checks all signatures
> after creation to make sure that nothing like this happened. If an attacker
> managed to make the CPU hiccup and make an error when generating the
> signature, the signature check would see the signature was invalid and cause
> GPG to exit with an error.
Thanks for the explanation. Makes sense :-)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
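The countermeasure David describes, verifying every signature right after it is produced, as an added illustration that is not code from the thread or from GnuPG itself. It uses textbook RSA with a constructed toy key (far too small for real use) and simulates a CPU fault by flipping one bit of the result; the self-check rejects the faulty signature instead of releasing it.

```python
# Added example (not from the thread or GnuPG): RSA signing with a
# verify-after-sign check. A simulated fault corrupts the signature,
# and the check refuses to release it.
import hashlib
from typing import Optional

# Constructed toy RSA key: two small primes, demo only.
P, Q = 10007, 10009
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


class FaultySignature(Exception):
    """Raised when the post-signing verification fails."""


def digest(msg: bytes) -> int:
    # Hash reduced mod N so the toy modulus can carry it
    # (real implementations use PKCS#1 padding instead).
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def raw_sign(h: int, fault_bit: Optional[int] = None) -> int:
    s = pow(h, D, N)
    if fault_bit is not None:
        # Simulate a transient CPU error during the exponentiation.
        s ^= 1 << fault_bit
    return s


def verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest(msg)


def sign(msg: bytes, fault_bit: Optional[int] = None) -> int:
    """Sign, then check the result before releasing it, as GPG does."""
    sig = raw_sign(digest(msg), fault_bit)
    if not verify(msg, sig):
        raise FaultySignature("signature failed self-check; not released")
    return sig


def sign_and_report(msg: bytes, fault_bit: Optional[int] = None) -> str:
    """Return 'released' for a good signature, 'rejected' for a faulty one."""
    try:
        sign(msg, fault_bit)
        return "released"
    except FaultySignature:
        return "rejected"


if __name__ == "__main__":
    msg = b"constructed sample message"
    print(sign_and_report(msg))               # normal run
    print(sign_and_report(msg, fault_bit=3))  # simulated fault
```

Because the RSA map is a permutation of the residues mod N, any single bit flip in the signature fails the check deterministically, which is why a signer that checks its own output never hands an attacker the faulty signatures the attack depends on.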