Critical RNG Flaw Fixed in GnuPG

Datetime:2016-08-23 03:21:38          Topic:          Share

Researchers have uncovered a critical vulnerability in the GnuPG and Libgcrypt encryption apps that has been around since 1998 and allows an attacker to predict output from the software’s random number generator under some conditions.

The vulnerability was discovered by a team from Karlsruhe Institute of Technology in Germany, and the people behind the GnuPG Project, who maintain both applications, say that users should install the fixed version of the software as soon as possible. The bug affects every version of both GnuPG and Libgcrypt.

“Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt’s random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions,” the advisory from the GnuPG Project says.

GnuPG 2.1.15 is the fully patched version. Werner Koch of the GnuPG Project said in the advisory that although the vulnerability is a critical one, users should not immediately start revoking private keys created with vulnerable versions.

“A first analysis on the impact of this bug in GnuPG shows that existing RSA keys are not weakened. For DSA and Elgamal keys it is also unlikely that the private key can be predicted from other public information. This needs more research and I would suggest _not to_ overhasty revoke keys,” Koch said.

GPG is a free encryption tool that’s based on the OpenPGP specification.