GnuPG Crypto Library libgcrypt Cracked Via Side-Channel

Some clever boffins, including Internet software pioneer djb (Daniel J. Bernstein), have cracked libgcrypt via a side-channel attack that exploits the direction in which the library's sliding-window exponentiation walks the private exponent.

Patches have already been released, so update your Linux servers ASAP. Honestly it seems like a fairly theoretical attack, since it requires that the attacker can run arbitrary software on the hardware where the private RSA key is used, but it has been treated as critical and upgrades are highly recommended.

However, on hosts running virtual machines this attack may be usable by one VM to steal private keys from another VM on the same hardware, which is a very common setup and makes this significantly higher risk.

Linux users need to check with their distribution to see whether the bug in libgcrypt20 has been patched.

The patch, which has landed in Debian and Ubuntu, is to address a side-channel attack published last week.

The researchers published their work on the International Association for Cryptologic Research's Cryptology ePrint Archive last week. The paper was authored by Daniel Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom (who hail variously from the Technical University of Eindhoven, the University of Illinois, the University of Pennsylvania, the University of Maryland, and the University of Adelaide).

What they found is that libgcrypt uses “sliding windows”, a method for carrying out the modular exponentiation at the heart of RSA, but one whose pattern of squarings and multiplications was already known to leak some information about the exponent.


The technique (which chains together a cache-timing measurement, analysis of the leaked square-and-multiply pattern, and key reconstruction from the partial bits) can carry out very efficient full key recovery for RSA-1024.

You can read the full paper here: Sliding right into disaster: Left-to-right sliding windows leak [PDF]

The researchers looked at the left-to-right sliding window calculation in libgcrypt. The sliding window leak had been tolerated because it was believed that only part of the key could be recovered from it (about 40 percent of the bits with a four-bit sliding window; 33 percent with a five-bit sliding window).

What they found was an unpleasant surprise: a complete break of the library’s RSA-1024: “We show for the first time that the direction of the encoding matters: the pattern of squarings and multiplications in left-to-right sliding windows leaks significantly more information about the exponent than right-to-left”.

To observe the square-and-multiply pattern in the first place, the researchers also needed to carry out a side-channel attack, specifically a Flush+Reload cache-timing attack “that monitors the target’s cache access patterns”.
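To make the leak concrete, here is an added Python example (not libgcrypt's code and not the paper's) of the left-to-right sliding-window method described above. It records the square-and-multiply sequence that a Flush+Reload probe on the two routines would observe, then recovers exponent bits from that sequence using only rules that follow from how the windows are formed. The window width, the modulus and `constructed_exponent` (a seeded random number, not a real key) are chosen for the demonstration.

```python
"""Left-to-right sliding-window exponentiation that records its square/multiply
trace, and the exponent bits an observer can recover from that trace alone.

Added illustration for this post: not libgcrypt code and not the paper's code.
Window width, exponent and modulus are chosen here for the demonstration.
"""
import random


def sliding_window_l2r(base, exp, mod, w):
    """Return (base**exp % mod, trace) using left-to-right sliding windows.
    trace holds (op, bit_index): 'S' for a squaring, 'M' for a multiply by a
    precomputed odd power. Exactly one squaring is done per exponent bit."""
    table = {1: base % mod}                      # base^1, base^3, ..., base^(2^w-1)
    base_sq = (base * base) % mod
    for k in range(3, 1 << w, 2):
        table[k] = (table[k - 2] * base_sq) % mod

    bits = [(exp >> i) & 1 for i in range(exp.bit_length())]   # LSB first
    r, trace, i = 1, [], len(bits) - 1
    while i >= 0:
        if bits[i] == 0:                         # lone zero: square only
            r = (r * r) % mod
            trace.append(("S", i))
            i -= 1
            continue
        # Window starts at a 1 bit; take up to w bits downward and shrink it
        # until it ends in a 1, so its value is odd and present in the table.
        length = min(w, i + 1)
        while bits[i - length + 1] == 0:
            length -= 1
        value = 0
        for j in range(i, i - length, -1):
            r = (r * r) % mod
            trace.append(("S", j))
            value = (value << 1) | bits[j]
        r = (r * table[value]) % mod
        trace.append(("M", i - length + 1))      # multiply at the window's trailing bit
        i -= length
    return r, trace


def observed_ops(trace):
    """What a Flush+Reload probe on the square and multiply routines sees:
    the order of operations only, with no bit indices."""
    return [op for op, _ in trace]


def recover_bits(ops, w):
    """Recover exponent bits (LSB first; 1, 0 or None) from the 'S'/'M' sequence.
    Rules, each a direct consequence of the window construction above:
      (a) one squaring per bit, so the squaring count is the bit length; top bit is 1;
      (b) a multiply happens at a window's trailing bit, which is 1;
      (c) a window holds at most w bits, so between multiplies at p > q the bits
          q+w .. p-1 were skipped zeros, and every bit below the last multiply is 0;
      (d) multiplies one squaring apart mean the upper window was not trimmed
          (leading bit p+w-1 is 1) and the lower one shrank to one bit (p-w .. p-2 are 0).
    The paper's extra rules and branch-and-prune reconstruction are not reproduced."""
    n = ops.count("S")
    bits = [None] * n
    if n:
        bits[n - 1] = 1                          # rule (a)
    pos, mults = n, []
    for op in ops:
        if op == "S":
            pos -= 1
        else:
            bits[pos] = 1                        # rule (b)
            mults.append(pos)
    for p, q in zip(mults, mults[1:]):           # consecutive multiplies, p above q
        for k in range(q + w, p):                # rule (c): gap above window at q
            bits[k] = 0
        if p - q == 1:                           # rule (d)
            if p + w - 1 < n:
                bits[p + w - 1] = 1
            for k in range(p - min(w, p), p - 1):
                bits[k] = 0
    if mults:
        for k in range(mults[-1]):               # rule (c): tail below last window
            bits[k] = 0
    return bits


def constructed_exponent(nbits=1024, seed=2017):
    """Constructed odd exponent of RSA-1024 private-key size (not a real key)."""
    return random.Random(seed).getrandbits(nbits) | (1 << (nbits - 1)) | 1


def check_recovery(exp, w, base=3, mod=(1 << 127) - 1):
    """Exponentiate, recover bits from the observed ops, and return
    (result and every recovered bit correct, fraction of bits recovered)."""
    result, trace = sliding_window_l2r(base, exp, mod, w)
    recovered = recover_bits(observed_ops(trace), w)
    truth = [(exp >> i) & 1 for i in range(exp.bit_length())]
    correct = result == pow(base, exp, mod) and all(
        b is None or b == t for b, t in zip(recovered, truth))
    return correct, sum(b is not None for b in recovered) / len(truth)


if __name__ == "__main__":
    ok, frac = check_recovery(constructed_exponent(), w=4)
    print(f"recovered bits consistent: {ok}; fraction of bits known: {frac:.2f}")
```

Every bit the recovery marks agrees with the real exponent, and with a four-bit window on a 1024-bit exponent these basic rules alone label a substantial fraction of the bits from nothing but the order of squarings and multiplications. That is the partial leak the library had accepted; the paper's point is that for left-to-right windows the pattern constrains the exponent more tightly than this, enough to finish the job with a reconstruction step.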

The vulnerability has been assigned CVE-2017-7526; at the time of writing the entry is reserved and the details haven’t been published there (presumably they are waiting until the patch is widespread).

Ubuntu Linux 16.04 LTS and 14.04 LTS are both vulnerable, as are Debian Linux 6.0 and all GnuPG Libgcrypt versions 1.7.7 and earlier.

The GnuPG announcement is here: [Announce] Libgcrypt 1.7.8 released to fix CVE-2017-7526

Source: The Register

Posted in: Cryptography, Exploits/Vulnerabilities
