Re: [Announce] Libgcrypt 1.7.8 released to fix CVE-2017-7526

2017-07-05 Thread Marcus Brinkmann via Gnupg-users
On 07/05/2017 04:13 PM, Bernhard Reiter wrote:
> On Tuesday, 04 July 2017 18:30:28, Werner Koch wrote:
>> On Tue,  4 Jul 2017 12:05, joh...@vulcan.xs4all.nl said:
>>> Is 1.4 vulnerable to this attack as well? I know it does not use
>>> libgcrypt but I'm not sure about the vulnerability.
>>
>> Maybe.  And probably also to a lot of other local side channel attacks.
>
> In general I think it would be useful to have information available that
> shows which versions of GnuPG and libgcrypt are exposed to this or other
> weaknesses and what the consequences are.
>
> People now know that there are versions
> with this vulnerability and without it.
>
> My concept so far:
> not vulnerable:
>   libgcrypt 1.7.8
>   libgcrypt 1.8 -beta since commit
> Thu, 29 Jun 2017 04:11:37 +0200 (11:11 +0900)
> 8725c99ffa41778f382ca97233183bcd687bb0ce
>
> vulnerable

Caveat: I have only looked at the code of the oldest and newest
versions.  Remember that old versions may not even have 64-bit support,
so they run on different CPU architectures.  But the code is essentially
the same as the vulnerable code in libgcrypt 1.7.7 for these:

>   libgcrypt v<=?

Probably all versions up to 1.7.7, starting from at least 1.2.0 (which
is the oldest I could find).

>   GnuPG v1.?

Probably all versions from 1.0.4 up to 1.4.21.  (I could not find 1.0.3,
which according to the NEWS file is the first version with RSA support).

I made a backport of the patch for GPG 1.4.21 here:

https://dev.gnupg.org/D438

I have also found a paper that indicates that the exponent blinding
defense is not as solid as one might think naively, and in which the
author indicates that OpenSSL defended against these kinds of attacks
conclusively in 0.9.8f (Oct 2007). I have only glanced over the claims,
but it's certainly intriguing:

Schindler, W.: Exclusive Exponent Blinding May Not Suffice
to Prevent Timing Attacks on RSA (2015), Bundesamt für Sicherheit in der
Informationstechnik

Preprint available at https://eprint.iacr.org/2014/869.pdf







signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
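
Added example, not part of the message above and not libgcrypt's or GnuPG's code: a toy model of the exponent blinding defense the message mentions, showing that the RSA result is unchanged while the exponent-dependent operation sequence differs on every call. The key, the names and the textbook form d' = d + r*phi(n) are assumptions made for illustration.

```python
import secrets

# Constructed toy key: two Mersenne primes. Far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)  # private exponent (Python 3.8+)


def blinded_exponent(d, phi, blind_bits=64):
    """Return d + r*phi for a fresh random r >= 1 (assumed textbook form)."""
    r = secrets.randbits(blind_bits) | 1
    return d + r * phi


def sqm_trace(exponent):
    """Operation sequence of left-to-right square-and-multiply.

    'S' = square, 'M' = multiply. This is the exponent-dependent pattern
    that a timing or cache side channel leaks information about.
    """
    return "".join("SM" if bit == "1" else "S" for bit in bin(exponent)[2:])


def rsa_private_plain(c):
    return pow(c, D, N)


def rsa_private_blinded(c):
    # c^(d + r*phi) == c^d (mod N), so the result is unchanged while the
    # exponent actually processed is different on every call.
    return pow(c, blinded_exponent(D, PHI), N)


if __name__ == "__main__":
    msg = 0x1234567890ABCDEF  # constructed sample message
    c = pow(msg, E, N)
    assert rsa_private_plain(c) == rsa_private_blinded(c) == msg
    t1 = sqm_trace(blinded_exponent(D, PHI))
    t2 = sqm_trace(blinded_exponent(D, PHI))
    print("unblinded trace repeats:", sqm_trace(D) == sqm_trace(D))
    print("blinded traces differ:  ", t1 != t2)
```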


Re: Don't send encrypted messages to random users to test your gpg

2017-05-29 Thread Marcus Brinkmann via Gnupg-users
For people who want to communicate with other people rather than bots,
there is also this:

https://www.reddit.com/r/GPGpractice/
https://www.reddit.com/r/publickeyexchange/

On 05/29/2017 01:00 PM, Duane Whitty wrote:
> Hi list,
> 
> When I checked my email this morning I had an encrypted message from
> someone I didn't know and had never heard of signed with a signature for
> which no public key was available.
> 
> When I saw the email with a subject "test, test, hello" (or something to
> that effect) I decided not to let Thunderbird/Enigmail process it but
> rather I copied and pasted the cypher text into a file and used the
> command line to look at it.
> 
> The message and relevant gpg output was:
> 
> "Subject: test, test - hello
> 
> hey, i hope you don't mind - I just wanted to test using GPG and I
> picked you at random."
> 
> gpg: Signature made Mon 29 May 2017 02:59:23 AM ADT
> gpg:using RSA key (deleting for email to list)
> gpg: Can't check signature: No public key"
> 
> To the person who sent me this my reply is that yes I do mind.  I tend
> to believe no harm is intended and I'm not terribly upset over it but I
> consider it to be bad Internet etiquette.  It would be only a little
> more acceptable if you had published your public key so that the
> signature you used to sign with could at least be verified.
> 
> Having hashed that out, welcome to the community :-)
> 
> To test your setup try this link, https://emailselfdefense.fsf.org/en/
> I haven't used it myself but unless someone from the list knows why it
> shouldn't be used it should be fine.
> 
> I also highly recommend reading https://www.gnupg.org/faq/gnupg-faq.html
> 
> The above links are just to get started.  Happy pgp'ing
> 
> Best Regards,
> Duane