Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How Encryption Programs can be attacked
#1
If you thought you could use encryption to be safe from NSA wiretapping, think again. The following paper details a very successful attack on GnuPG, based on measuring L3 cache accesses and recovering key information from these measurements. I quote from the conclusion:
Quote:[size=12]
It is hard to overstate the severity of the weakness in GnuPG. GnuPG is a very popular cryptographypackage. It is used as the cryptography module of many open-source projects and is used, for example,for email, le and communication encryption. With our attack, any process running on the system canextract private keys. Hence, GnuPG in its current form is not safe for a multi-user system or for any
system that may run untrusted code.
[/SIZE]
The paper is availabe here: http://eprint.iacr.org/2013/448
The most relevant literature regarding what happened since September 11, 2001 is George Orwell's "1984".
Reply
#2
Carsten Wiethoff Wrote:If you thought you could use encryption to be safe from NSA wiretapping, think again. The following paper details a very successful attack on GnuPG, based on measuring L3 cache accesses and recovering key information from these measurements. I quote from the conclusion:
Quote:[size=12]
It is hard to overstate the severity of the weakness in GnuPG. GnuPG is a very popular cryptographypackage. It is used as the cryptography module of many open-source projects and is used, for example,for email, le and communication encryption. With our attack, any process running on the system canextract private keys. Hence, GnuPG in its current form is not safe for a multi-user system or for any
system that may run untrusted code.
[/SIZE]
The paper is availabe here: http://eprint.iacr.org/2013/448

I've always assumed that freely available encryption packages could be hacked by the NSA and other government bodies. I also imagine that PGP can be broken too?
The shadow is a moral problem that challenges the whole ego-personality, for no one can become conscious of the shadow without considerable moral effort. To become conscious of it involves recognizing the dark aspects of the personality as present and real. This act is the essential condition for any kind of self-knowledge.
Carl Jung - Aion (1951). CW 9, Part II: P.14
Reply
#3
David Guyatt Wrote:I've always assumed that freely available encryption packages could be hacked by the NSA and other government bodies. I also imagine that PGP can be broken too?
GnuPG, which is the subject of the article, is the most common implementation of PGP.
The described procedure can be used to attack any encryption program, not by cryptoanalysis, but by monitoring the running decryption program and analysing the steps it takes during decryption.
The most relevant literature regarding what happened since September 11, 2001 is George Orwell's "1984".
Reply
#4
David Guyatt Wrote:I've always assumed that freely available encryption packages could be hacked by the NSA and other government bodies. I also imagine that PGP can be broken too?
There are bigger issues with proprietary software. At least with the Libre software there are thousands of people watching for the problems and working on the solutions. The hive mind. And we will hear about the problems. With the closed and commercial systems they may have a commercial interest in not letting their clients know there are big problems with their products (both loss of sales and share price valuation) and they don't have any where near the numbers of eyes looking at the issues that could go wrong and how to fix them. And software programs of any kind, proprietary or Libre can be hacked.

Nevertheless, what Carsten has posted is rather unnerving to say the least.
"The philosophers have only interpreted the world, in various ways. The point, however, is to change it." Karl Marx

"He would, wouldn't he?" Mandy Rice-Davies. When asked in court whether she knew that Lord Astor had denied having sex with her.

“I think it would be a good idea” Ghandi, when asked about Western Civilisation.
Reply
#5
Though not an expert on this [ask some trusted White Hat Hackers], it is my understanding from reading non-technical literature on this subject that most proprietary encryption software have 'NSA backdoors or keys'; as mentioned above, most PGP encryption can be unlocked and viewed by 'watching' how the computer is unencrypting it; and, that the only people one is hiding anything from are other mortals [rather than intelligence, especially electronic intelligence agencies - US and some others]. ONLY custom made very advanced huge prime number encrypted things are safe [sort of].....NSA and others can [if they devote the considerable computer power/time to it, with effort still decrypt almost all of them [and these are not your usual encryption algorithms]. Usually, they just store all encrypted messages, decrypt as they are storing the 'easy ones' [along with most of the unencrypted ones], and later can decrypt higher level encrypted ones if they are curious and/or suspicious. While they realize that some encrypt just to be 'cool'; encryption + political dissent/disagreements [as they define it] with 'the Empire' = a graded and greater level of attention and suspicion, often. Its back to written letters, furtively exchanged hand to hand (and using dead drops, etc.), if you really have something secret to pass on to someone else.....The only thing going for us, is they do not have the time or manpower to look at everything and everyone - although they collect everything from everyone [if they need to 'go back' and look/listen]

Worship Big Brother sees and hears all! Fascist Police State[s], spreading worldwide, with the NSA and its sister agencies well in the lead.....
"Let me issue and control a nation's money and I care not who writes the laws. - Mayer Rothschild
"Civil disobedience is not our problem. Our problem is civil obedience! People are obedient in the face of poverty, starvation, stupidity, war, and cruelty. Our problem is that grand thieves are running the country. That's our problem!" - Howard Zinn
"If there is no struggle there is no progress. Power concedes nothing without a demand. It never did and never will" - Frederick Douglass
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Researchers crack the worlds toughest encryption by listening to your computers CPU David Guyatt 1 3,921 06-01-2014, 11:16 AM
Last Post: Peter Lemkin

Forum Jump:


Users browsing this thread: 1 Guest(s)