note by Laura Arjona Reina

Laura Arjona Reina at 2013-12-18T15:29:11Z

Reality surpasses fiction:

DSA 2013-2821

Package : gnupg

Vulnerability : side channel attack

Problem type : remote

Debian-specific: no

CVE ID : CVE-2013-4576

Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts.

O_o #cannotbelieve

And a fix is providen. #Freesoftware people are awesome.

Douglas Perkins, Hilton Garcia Fernandes, McScx, RuiSeabra and 8 others likes this.

Hilton Garcia Fernandes, McScx, Panko shared this.

O_o

WTF - PQC

Rebel Jedi at 2013-12-18T18:56:09Z

o_O

Fernando dos Santos at 2013-12-19T00:15:14Z

And... in today's upgrade... Here it is!

gnupg (1.4.15-2) unstable; urgency=high

  * Fixed the RSA Key Extraction via Low-Bandwidth Acoustic

    Cryptanalysis attack as described by Genkin, Shamir, and Tromer.

    See . [CVE-2013-4576]

  * Add two Gemalto card readers to udev rules (closes: #730872),

Panko at 2013-12-19T00:23:13Z

if they are close enough to do that you might want to also look at RF leaking from your monitor!

michaelmd at 2013-12-23T03:29:51Z