Researchers from universities in Adelaide, Eindhoven, Chicago, Maryland and Pennsylvania have published a paper describing how they used a local side-channel attack to break the Libgcrypt encryption library.
The exploit could be used to recover a RSA-1024 key.
The vulnerability (CVE-2017-7526) is tied to the fact that Libgcrypt, which is based on code from GnuPG, uses left to right sliding windows exponentiation. The method is commonly used by cryptographic implementations and computes power by looking at a number of exponent bits at a time.
This process used by libgcrypt can be used to carry out a key recovery attack against RSA. This despite it previously being thought that even if the entire pattern of squarings and multiplications was observed courtesy of s side-channel attack, it wouldn’t leak enough exponent bits to be of any real use.
Patches to prevent the attack didn’t surface in Linux distributions until earlier this week.
GnuPG issued an update for the library that should mitigate any future attacks.
SUSE Linux has issued fixes to this issue in versions 1.6.1, 1.5.0, and 1.2.2. Developers with Debian meanwhile encouraged users to upgrade their libgcrypt20 packages, pushing patches to mitigate the attack. Marc Deslauriers, a security engineer for Ubuntu, warned users of the issue – and the availability of update 1.7.6-1ubuntu0.1. An update for CentOS has been released as well.
It is recommended you update as soon as possible.