July 4th, 2017 By Catalin Cimpanu
A team of eight researchers from various universities has found a bug in the Libcrypto library that allows an attacker with local access to extract the RSA-1024 private key that was used to encrypt local data.
Their researcher paper was focused on GnuPG, an encryption software for Android, Linux, macOS, and Windows. More accurately, the researchers focused their work on Libgcrypt, GnuPG’s module responsible for the actual GnuPG’s encryption operations.
Researchers say they found that Libgcrypt used a method known as “sliding windows” to compute part of these mathematical equations behind data encryption. The problem, they say, was that “sliding windows” is a computation method known to leak data via side-channel attacks.
Powered by WPeMatico