On Wed, 5 Jul 2017 21:39, gnupg-users@gnupg.org said:
>> libgcrypt v<=?
>
> Probably all versions up to 1.7.7, starting from at least 1.2.0 (which
> is the oldest I could find).
Actaully starting at 1.6.0 which introduced the sliding window method to
catch up performance losses due to other si
Am Mittwoch 05 Juli 2017 21:39:26 schrieb Marcus Brinkmann via Gnupg-users:
> Caveat: I have only looked at the code of the oldest and newest
> versions. Remember that old versions may not even have 64-bit support,
> so they run on different CPU architectures. But the code is essentially
> the sa
On 07/05/2017 04:13 PM, Bernhard Reiter wrote:
> Am Dienstag 04 Juli 2017 18:30:28 schrieb Werner Koch:
>> On Tue, 4 Jul 2017 12:05, joh...@vulcan.xs4all.nl said:
>>> Is 1.4 vulnerable to this attack as well? I know it ows not use
>>> libgcrypt but I'm not sure about the vulnerability.
>>
>> Maybe
Am Dienstag 04 Juli 2017 18:30:28 schrieb Werner Koch:
> On Tue, 4 Jul 2017 12:05, joh...@vulcan.xs4all.nl said:
> > Is 1.4 vulnerable to this attack as well? I know it ows not use
> > libgcrypt but I'm not sure about the vulnerability.
>
> Maybe. And probably also to a lot of other local side ch
On 04/07/17 21:03, Johan Wevers wrote:
> Is that going to be fixed, or is 1.4 now really considered EOL?
I think you need to see it in the context of this part of the announcement:
> Allowing execute access to a box with private keys should be considered
> as a game over condition, anyway. Thus
On 04-07-2017 18:30, Werner Koch wrote:
>> Is 1.4 vulnerable to this attack as well? I know it ows not use
>> libgcrypt but I'm not sure about the vulnerability.
>
> Maybe. And probably also to a lot of other local side channel attacks.
Is that going to be fixed, or is 1.4 now really considered
On Tue, 4 Jul 2017 12:05, joh...@vulcan.xs4all.nl said:
> Is 1.4 vulnerable to this attack as well? I know it ows not use
> libgcrypt but I'm not sure about the vulnerability.
Maybe. And probably also to a lot of other local side channel attacks.
Shalom-Salam,
Werner
--
Die Gedanken sin
On 29-06-2017 9:28, Werner Koch wrote:
> The GnuPG Project is pleased to announce the availability of Libgcrypt
> version 1.7.8. This release fixes a local side-channel attack.
Is 1.4 vulnerable to this attack as well? I know it ows not use
libgcrypt but I'm not sure about the vulnerability.
--
Hi!
The GnuPG Project is pleased to announce the availability of Libgcrypt
version 1.7.8. This release fixes a local side-channel attack.
Libgcrypt is a general purpose library of cryptographic building blocks.
It is originally based on code used by GnuPG. It does not provide any
implementation
