What is RSA Encryption?
RSA is an algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric cryptographic algorithm. Asymmetric means that there are two different keys.
This is also called public key cryptography because one of them can be given to all. The other key must be kept private. It is based on the fact that finding the factors of a set is difficult ( the problem of factorization).
RSA goes to Ron Rivest, Adi Shamir, and Leonard Adleman, who publicly described it in 1978. An RSA user creates and publishes the product of two large prime numbers along with an auxiliary value as their public key.
The main factors that must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with the knowledge of prime factors can decode the message effectively.
Security researchers able to crack 1024-bit RSA encryption
Security researchers discovered a critical crash (CVE-2017-7526 called) in the GnuPG cryptographic library that allowed researchers to completely break RSA 1024-bit RSA encryption and successfully get the secret key to decrypt data. Therefore, Security researchers able to crack 1024-bit RSA encryption.
GnuPG is a hybrid encryption software that uses a combination of traditional symmetric key encryption for public key speed and encryption to facilitate secure key exchange, usually using the recipient’s public key to encrypt a session key that it uses once.
This mode of operation is part of the OpenPGP standard and has been part of PGP since its first release.
GnuPG software was used by the NSA (National Security Agency) to maintain communications security (encrypted).
The researchers said:
“In this article, we demonstrated a complete rupture of RSA-1024 as implemented in Libgcrypt. Our attack makes essential use of the method used Libgcrypt left to right to calculate the expansion of the sliding window,”
“Note that this side channel requires the attacker to run arbitrary software on the hardware where the private key RSA is used. Allow Access to a private key box should be considered a game provided in any case. So in practice, there are simpler ways to access private keys to ride this side channel. However, in virtual machine boxes, this attack can be used by a virtual machine to steal private keys from another virtual machine “.
So, Security Researchers Able to Crack 1024-bit RSA Encryption.
Released a patch for the Libgcrypt library, users can upgrade the Debian library and Ubuntu here can upgrade the library here.
Researchers have also provided evidence that the same side-channel attack also works against RSA-2048, which require RSA-1024 calculations moderately.
The research book entitled “Sliding into Disaster: The Loss of Sliding Windows from Left to Right” was written by Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Christine van Vredendaal, Tanja Lange And Yuval Yarom.
Libgcrypt has released a solution to the problem in version 1.7.8 libgcrypt.
Debian and Ubuntu have already improved their library with the latest version of Libgcrypt.
So you want to check if your Linux distribution is running the latest version of the Libgcrypt library.