A vulnerability in gnupg allows you to crack rsa

A team of researchers has discovered a vulnerability in the libgcrypt crypto library. It is a library used by the GnuPG software, thanks to which it is possible to send encrypted and authenticated emails with PGP.

A GnuPG vulnerability allows you to crack RSA

This vulnerability appears to allow the RSA key to be completely cracked. Regardless of the length of that key. Although, it seems, in keys of more than 4096 bits it takes more time to act effectively. Therefore, by being able to crack RSA keys, you can decrypt all the data that has been encrypted with that key.

GnuPG vulnerability

For those who do not know it, GnuPG is a software to send emails safely. Furthermore, it is open source software and is compatible with Windows, Linux and macOS. Others may know it because Edward Snowden uses it to maintain secure communications. The security flaw detected in the Libgcrypt library, which is prone to side channel attacks. Apparently, it filters more information from right to left. So it allows to recover the RSA key.

Although, in order to execute this type of attack, the attacker must have access to the hardware on which to execute the software. Something that certainly helps reduce the chances of an attack. For the tranquility of many. It is a side channel attack. This attack, according to experts, is one of the easiest to access private keys such as RSA. They also comment that it is an attack that a virtual machine to steal keys could use.

Luckily, the Libgcrypt development team has reacted very quickly. An update has already been released to correct the problem. So far Libgcrypt 1.7.8 is available , which is currently available for Ubuntu and Debian. What they recommend is to check the version we use and update as soon as possible