oss-sec mailing list archives

GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)

From: Solar Designer <solar () openwall com>
Date: Wed, 18 Dec 2013 20:14:58 +0400

Hi,

GnuPG 1.4.16 was released today with a curious security fix:

http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html

 * Fixed the RSA Key Extraction via Low-Bandwidth Acoustic
   Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
   See <http://www.cs.tau.ac.il/~tromer/acoustic/>.  [CVE-2013-4576]

Direct link to paper (8 MB; the website feels very slow at the moment):

http://www.cs.tau.ac.il/~tromer/papers/acoustic-20131218.pdf

Copy on SlideShare:

http://www.slideshare.net/daniel_bilar/acoustic-20131218

Alexander

Current thread:

GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576) Solar Designer (Dec 18)
- Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576) mancha (Dec 18)