26-07-2013, 07:55 AM
If you thought you could use encryption to be safe from NSA wiretapping, think again. The following paper details a very successful attack on GnuPG, based on measuring L3 cache accesses and recovering key information from these measurements. I quote from the conclusion:
Quote:[size=12]The paper is availabe here: http://eprint.iacr.org/2013/448It is hard to overstate the severity of the weakness in GnuPG. GnuPG is a very popular cryptographypackage. It is used as the cryptography module of many open-source projects and is used, for example,for email, le and communication encryption. With our attack, any process running on the system canextract private keys. Hence, GnuPG in its current form is not safe for a multi-user system or for anysystem that may run untrusted code.
[/SIZE]
The most relevant literature regarding what happened since September 11, 2001 is George Orwell's "1984".