Before revealing the shocking discovery of RSA cryptosystem hacking, let it be known that RSA is a series of semi prime number series that are part of a challenge to be factorized so that advancements can be made in computational number theory. This number series was created by RSA Laboratories based in Bedford, Massachusetts with regional headquarters in Singapore and UK as well.
A group of intelligent and clever security researchers dared to make this attempt to crack RSA-1024 cryptosystem. The vulnerability they exploited was through the Gnu Privacy Guard (GnuPG). Gnu Privacy Guard is basically an encryption software and framework used in major operating systems like Linux, Windows and MacOS X.
This vulnerability termed as CVE-2017-7526 was found in the cryptographic library known as Libgcrypt used by GnuPG. According to researchers, this cryptographic library is particularly fragile to an attack known as Flush+Reload.
The group of security researchers who made RSA cryptosystem hacking possible are from institutions like Technical University of Eindhoven, the University of Illinois, the University of Pennsylvania, the University of Maryland, and the University of Adelaide. After successful RSA cryptosystem hacking, in a research paper published by them, it is mentioned:
“The pattern of squarings and multiplications in left-to-right sliding windows leaks significantly more information about the exponent than right-to-left. We show how to extend the Heninger-Shacham algorithm for partial key reconstruction to make use of this information and obtain a very efficient full key recovery for RSA-1024.”
Therefore, in simpler words, the pattern of memory utilization and electromagnetic signals from the machine are used to have the secret crypto key. In addition to this, much to the amusement of everyone, the researchers have made the shocking revelation that RSA-2048 can also be cracked using the same methodology with some little adjustments and tweaks required.
After this shocking discovery of RSA cryptosystem hacking, Libgcrypt has released a fix for this vulnerability and therefore, to remain safe, you are strongly advised to check if your operating system is running the latest version of Libgcrypt library.
Stay updated and stay safe!