Complete Break of Libgcrypt RSA-1024: CVE-2017-7526, CVE-2017-9526

Are you a Linux user? Make sure to check whether a bug in libgcrypt20 has been patched. Researchers David Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom from various respected universities found and reported the bug leading to a side-channel attack. Their findings were published recently, and a patch has been issued for Debian and Ubuntu. The vulnerabilities were given the following identifiers: CVE-2017-7526 and CVE-2017-9526. The researchers demonstrated “a complete break of RSA-1024 as implemented in Libgcrypt”.

Why the Direction of Encoding Matters

The researchers’ attack makes essential use of the fact that Libgcrypt uses the left-to-right method for computing the sliding-window expansion. The findings reveal for the first time that the direction of the encoding does matter: “the pattern of squarings and multiplications in left-to-right sliding windows leaks significantly more information about exponent bits than for right-to-left”.

“We show how to incorporate this additional information into the Heninger-Shacham algorithm for partial key reconstruction, and use it to obtain very efficient full key recovery for RSA-1024. We also provide strong evidence that the same attack works for RSA-2048 with only moderately more computation.”

In short, the team found that the libgcrypt library used sliding windows, a method for carrying out the mathematical side of the cryptography. Unfortunately, this method has been known to leak data. The experts inspected the left-to-right sliding-window calculation in the library, where the sliding-window leak had been tolerated because it was thought that only part of the key was recoverable. The researchers came across an unpleasant revelation: a complete break of libgcrypt’s RSA-1024 encryption. And as mentioned above, this is how they demonstrated that the direction of the encoding is very important.
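To make the square-and-multiply pattern concrete, here is an added example (not code from the article, the paper or Libgcrypt) that recodes toy exponents with textbook left-to-right and right-to-left sliding windows and measures, by brute force, how many bits of a random exponent each observable trace determines. The function names, the window width of 3 and the entropy measure are assumptions chosen for illustration; it models neither the cache side channel nor any key reconstruction.

```python
import math
from collections import Counter

def digits_l2r(e, w):
    """Left-to-right recoding: a window opens on a 1 bit and is trimmed to end on a 1 bit."""
    d = [0] * e.bit_length()
    i = len(d) - 1
    while i >= 0:
        if not (e >> i) & 1:
            i -= 1
            continue
        lo = max(i - w + 1, 0)
        while not (e >> lo) & 1:      # drop trailing zeros from the window
            lo += 1
        d[lo] = (e >> lo) & ((1 << (i - lo + 1)) - 1)
        i = lo - 1
    return d

def digits_r2l(e, w):
    """Right-to-left recoding: a window opens on a 1 bit and always spans w bits."""
    d = [0] * e.bit_length()
    i = 0
    while i < len(d):
        if (e >> i) & 1:
            d[i] = (e >> i) & ((1 << w) - 1)
            i += w
        else:
            i += 1
    return d

def trace(digits):
    """Operation sequence, top digit first: square per digit, multiply if nonzero."""
    return "".join("SM" if x else "S" for x in reversed(digits))

def leaked_bits(recode, n, w):
    """Entropy (bits) of the trace over all n-bit exponents with the top bit set."""
    total = 1 << (n - 1)
    counts = Counter(trace(recode(e, w)) for e in range(total, 2 * total))
    return -sum(c / total * math.log2(c / total) for c in counts.values())

if __name__ == "__main__":
    e, w = 0b10110, 3                  # constructed toy exponent, not key material
    for name, recode in (("left-to-right", digits_l2r), ("right-to-left", digits_r2l)):
        d = recode(e, w)
        assert sum(x << i for i, x in enumerate(d)) == e   # recoding is lossless
        print(f"{name:14} digits={d[::-1]} trace={trace(d)} "
              f"leak(n=14)={leaked_bits(recode, 14, w):.2f} of 13 bits")
```

Both recodings represent the same exponent, yet the left-to-right trace narrows down the candidate exponents further, which is the effect the quoted sentence describes.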

A side-channel attack was also performed, more precisely a flush+reload cache-timing attack that monitors the target’s cache access patterns. To prevent such attacks, Debian users are advised to get the update from Debian’s security advisory, and Ubuntu users should install the corresponding Ubuntu update.

As for the researchers’ work – it has been published at the International Association for Cryptologic Research e-print archive.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
