Debian 7: DLA-1015-1 Critical Key Exposure in Libgcrypt11 Cryptography
debian lts
July 6, 2017
It was discovered that there was a key disclosure vulnerability in libgcrypt11 a library of cryptographic routines: It is well known that constant-time implementations of modular e...
Topics Covered
Summary
It is well known that constant-time implementations of modular exponentiation
cannot use sliding windows. However, software libraries such as Libgcrypt,
used by GnuPG, continue to use sliding windows. It is widely believed that,
even if the complete pattern of squarings and multiplications is observed
through a side-channel attack, the number of exponent bits leaked is not
sufficient to carry out a full key-recovery attack against RSA.
Specifically, 4-bit sliding windows leak only 40% of the bits, and 5-bit
sliding windows leak only 33% of the bits.
-- Sliding right into disaster: Left-to-right sliding windows leak
For Debian 7 "Wheezy", this issue has been fixed in libgcrypt11 version
1.5.0-5+deb7u6.
We recommend that you upgrade your libgcrypt11 packages.
Regards,
- --
,'`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: libgcrypt11
Version: 1.5.0-5+deb7u6
CVE ID: CVE-2017-7526
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!