26-07-2013, 08:12 AM
Carsten Wiethoff Wrote:If you thought you could use encryption to be safe from NSA wiretapping, think again. The following paper details a very successful attack on GnuPG, based on measuring L3 cache accesses and recovering key information from these measurements. I quote from the conclusion:
Quote:[size=12]The paper is availabe here: http://eprint.iacr.org/2013/448It is hard to overstate the severity of the weakness in GnuPG. GnuPG is a very popular cryptographypackage. It is used as the cryptography module of many open-source projects and is used, for example,for email, le and communication encryption. With our attack, any process running on the system canextract private keys. Hence, GnuPG in its current form is not safe for a multi-user system or for anysystem that may run untrusted code.
[/SIZE]
I've always assumed that freely available encryption packages could be hacked by the NSA and other government bodies. I also imagine that PGP can be broken too?
The shadow is a moral problem that challenges the whole ego-personality, for no one can become conscious of the shadow without considerable moral effort. To become conscious of it involves recognizing the dark aspects of the personality as present and real. This act is the essential condition for any kind of self-knowledge.
Carl Jung - Aion (1951). CW 9, Part II: P.14