19 Dec
2013
19 Dec
'13
5:07 a.m.
Hello, It seems that some guys managed to "listen" gnupg private keys. While some parts of the attack are gnupg specific, similar attacks could apply in nettle as well (and I guess every implementation that does RSA decryption). This could affect TLS sessions where the server is decrypting client provided ciphertext. I see on their mitigation section that "ciphertext normalization", i.e., c=c%n, avoids their key recovery attack, so given that there is no harm to have this step anyway, it would be nice to have it in nettle as well (patch attached).
http://www.cs.tau.ac.il/~tromer/acoustic/
regards, Nikos