RSA-1024 keys: How does a Libgcrypt vulnerability expose them?

A vulnerability in the Libgcrypt cryptographic library could have allowed attackers to recover RSA-1024 keys. What does this Libgcrypt flaw entail, and how is it used in an attack?

Cryptography attacks typically take several years to a few decades to go from theoretical to practical. One key example of this is the RSA-1024 keys that have been attacked for almost 20 years, as the attacks are able to continually improve.

Cryptographers often think in decades because it takes a significant amount of time for the world to start using the newer and stronger cryptography, figure out how to use it correctly, deploy it pervasively, acknowledge that it needs to be replaced, and then start using yet another newer and stronger algorithm.

Cryptography is very difficult to get correct, and it has driven many good software developers to use cryptographic libraries rather than write their own potentially insecure crypto, which is a good thing. Likewise, many cryptographic algorithms were not designed with modern systems in mind, and with the rise in virtual and cloud systems, new avenues of cryptanalysis have emerged. Given these details, it's prudent to stay aware of developments in cryptanalysis.

There has also been a recent development in the cryptanalysis of RSA-1024 that enables researchers to recover the private keys used to encrypt data via Libgcrypt. The researchers have been analyzing how specific parts of the algorithm work, specifically the left-to-right sliding window, as this method is used to reduce the computing resources needed to encrypt data.

Cryptography is very difficult to get correct.

The researchers also identified how small amounts of data were leaked through a side channel monitoring the shared hardware cache on the target system, which allowed them to eventually recover the private RSA-1024 keys.

The recent Libgcrypt security announcement discusses how this attack requires the attacker to execute code directly on the system. The advisory also recommends users upgrade to version 1.7.8, which fixes the side-channel attack.

This attack is rather complicated, and there could be an easier way to get the targeted private key. On the other hand, this method is more effective if the goal is to recover the private key on a virtual or cloud system, as an attacker may be able to run code on the same physical hardware that is shared with a target without the target even being aware of the attack.

Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)