I read this PDF doc here http://eprint.iacr.org/2015/170.pdf that states that GPG (not sure if this only effects Linux GPG, or also GPG4Win) is vulnerable to TEMPEST. A tempest attack which is the use of a radio receiver to “listen” to electronic “noise” from a device which can in some cases actually convey information about data being processed by the device. Normally, to extract information from a PC via TEMPEST, you need special custom-built hardware, who’s sampling rate several times the CPU’s clockspeed. For a 2.4 GHz CPU that you are trying to steal info from, you would probably be using a dedicated piece of custom designed lab equipment with a 10 GHz sample rate. These can cost thousands or even tens of thousands of dollars. At these prices, only the government/military would be able to consider purchasing such a device. However according to the above mentioned PDF document, researchers have found a way to use a radio tuned to around 2MHz, with a bandwidth of only about 100kHz to intercept TEMPEST emissions from a laptop computer in such a manner as to be able to crack GPG’s RSA keys. However, according to the document, this still requires the attacker have physical access to the PC, as the process describes the decryption of multiple carefully crafted messages being used to (in conjunction with the radio equipment) tease out the decryption/private keys over a period of several seconds. If an actual attacker had physical access to your PC, he’d be better off just copying the private key files to a jump drive. However, the point of this research was to prove that it can be done with TEMPEST, which means it’s probably only a matter of time before it is discovered how not-so-carefully-crafted messages being decrypted by the computer’s owner, will also be able to reveal the decryption keys via radio emissions that are easily intercepted with cheap equipment that any hacker could get their hands on.
Hi AJ,
as security is nether absolute, new attacks are always found.
As for Gpg4win and GnuPG you can see from the article that the researchers
worked together with Werner Koch to develop a way to make GnuPG more resistent
against the particular attacks found.
Gpg4win at least since 2.2.4 uses libgcrypt-1.6.3 (or later) and:
http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html
" * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
- Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical]."
Best Regards,
Bernhard