Libgcrypt prior to 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate malicious users to extract ECDH keys by measuring electromagnetic emanations.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnupg libgcrypt |
||
debian debian linux 8.0 |
||
debian debian linux 7.0 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 15.10 |
||
canonical ubuntu linux 14.04 |
TEMPESTuous
Israeli security researchers have been able to extract encryption keys from a nearby computer by analysing stray electromagnetic radiation. The attack by computer scientists from Tel Aviv University shows that TEMPEST-style side channel attacks are no longer just the preserve of Mission Impossible and three-letter spy agencies. In a paper, titled ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs, the researchers demonstrate how secret decryption keys in applications using the ...