-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/12/13 10:28, Mike Cardwell wrote:
> I have a V2 OpenPGP SmartCard. I'm wondering if this would be vulnerable to
> the attack in question? Also, what about the Crypto Stick? Presumably these
> generate the same sort of noise during signing/decrypt
* on the Thu, Dec 19, 2013 at 07:03:57PM +0100, Werner Koch wrote:
>> Since you are mentioned in this webpage, do you know by any chance
>> whether gpgsm is vulnerable in a similar way?
>
> gpgsm uses Libgcrypt and Libgcrypt employs RSA blinding for a long time
> now. Thus it is not vulnerable.
On Thu, 19 Dec 2013 17:54, o...@mat.ucm.es said:
> Since you are mentioned in this webpage, do you know by any chance
> whether gpgsm is vulnerable in a similar way?
gpgsm uses Libgcrypt and Libgcrypt employs RSA blinding for a long time
now. Thus it is not vulnerable. The reason Libgcrypt has
>> "Werner" == Werner Koch writes:
> On Wed, 18 Dec 2013 18:31, sys...@ioioioio.eu said:
>> "Here, we describe a new acoustic cryptanalysis key extraction attack,
>> applicable to GnuPG's current implementation of RSA. The attack can
> Well that is what I posted a few hours ago to th
On Wed, 18 Dec 2013 18:31, sys...@ioioioio.eu said:
> "Here, we describe a new acoustic cryptanalysis key extraction attack,
> applicable to GnuPG's current implementation of RSA. The attack can
Well that is what I posted a few hours ago to this list ;-).
Salam-Shalom,
Werner
--
Die Gedan
"Here, we describe a new acoustic cryptanalysis key extraction attack,
applicable to GnuPG's current implementation of RSA. The attack can
extract full 4096-bit RSA decryption keys from laptop computers (of
various models), within an hour, using the sound generated by the
computer during the de
