
A critical vulnerability that went unnoticed for 18 years has been discovered in the Libgcrypt encryption library.



The GnuPG Project team has announced that the popular Libgcrypt library contains a critical vulnerability. The flaw was discovered by Felix Dörre and Vladimir Klebanov of the Karlsruhe Institute of Technology in Germany.

The vulnerability is in the Libgcrypt random number generator: an attacker who has obtained 4640 bits from the generator can easily predict the next 160 bits of its output. This opens up the possibility of compromising encryption keys. The bug is present in the Libgcrypt and GnuPG versions released before August 17, 2016, on all platforms. As stated in the GnuPG Project post, this bug has existed since 1998.

The report also states that an initial analysis confirmed that previously generated RSA keys remain cryptographically strong. As for Elgamal and DSA keys, "it seems unlikely that a private key can be predicted based on public information." The authors of the announcement urge users to remain calm and not rush to revoke their keys.

How to protect yourself


If you are using a version of GnuPG or Libgcrypt supplied by a specific vendor, wait for the corresponding security update from that vendor.

If GnuPG-2 (versions 2.0.x or 2.1.x) is used, Libgcrypt should be updated: the developers have already released fixed versions of the library, 1.7.3, 1.6.6 and 1.5.6. If GnuPG-1 (version 1.4.x) is used, you must upgrade to GnuPG 1.4.21.

To verify that the downloaded version is genuine and has not been modified, follow the instructions on the special page.

In short, this can be done in two ways. The first one is to verify the OpenPGP signature. For example, to verify the signature of the file libgcrypt-1.7.4.tar.bz2, you can use the following command, which checks whether the signature matches the source file:

gpg --verify libgcrypt-1.7.4.tar.bz2.sig libgcrypt-1.7.4.tar.bz2 

If the verification succeeds, a message appears.

In cases where using GnuPG is not possible, the SHA-1 checksum should be checked:

 sha1sum libgcrypt-1.7.3.tar.bz2 

The output should match the first row of the list:

  5a034291e7248592605db448481478e6c963aa9c libgcrypt-1.7.3.tar.bz2
 a05cba7037e6cbc68dcf3ea5b45f703b79fa234f libgcrypt-1.7.3.tar.gz
 ad79fd0b6963e1049612aa5d98e1a0b8eb775701 libgcrypt-1.6.6.tar.bz2
 d11b6ca1d55eb12f5d3091a5169d874806007130 libgcrypt-1.6.6.tar.gz
 62eade7cd3545efee1a87512d54f69151abbae47 libgcrypt-1.5.6.tar.bz2
 8d3f55cce21e17f21d0c991cccf6bf52ec244353 libgcrypt-1.5.6.tar.gz
 e3bdb585026f752ae91360f45c28e76e4a15d338 gnupg-1.4.21.tar.bz2
 97bfba0e4db7cb1a3458f73240481767cb7fe90e gnupg-1.4.21.tar.gz 
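The checksum comparison described above can be scripted so that a mismatch or an unlisted file is caught rather than overlooked. This is an added example, not part of the original article or of the GnuPG instructions; the function names, the file names and the SHA1SUMS list file are assumptions, and the sample "tarball" is constructed (it contains the bytes "abc").

```shell
#!/bin/sh
# Print only the SHA-1 hex digest of a file (sha1sum, or shasum as a fallback).
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1"
    else
        shasum -a 1 "$1"
    fi | awk '{ print $1 }'
}

# verify_sha1 FILE LIST
# LIST holds "<sha1>  <filename>" lines, like the list in the announcement.
# Returns 0 = checksum matches, 1 = mismatch, 2 = file missing or not listed.
verify_sha1() {
    file=$1
    list=$2
    [ -f "$file" ] && [ -f "$list" ] || return 2
    name=$(basename "$file")
    # Take the hash from the line whose filename is exactly $name
    # (a leading "*" marks binary mode in sha1sum output and is ignored).
    expected=$(awk -v n="$name" \
        '{ sub(/^\*/, "", $2) } $2 == n { print tolower($1); exit }' "$list")
    [ -n "$expected" ] || return 2
    actual=$(sha1_of "$file")
    [ "$actual" = "$expected" ]
}

# Constructed demo: a stand-in file containing "abc", whose SHA-1 is the
# standard test vector used in the list below.
demo_dir=$(mktemp -d)
printf 'abc' > "$demo_dir/example-1.0.tar.bz2"
printf '%s  %s\n' a9993e364706816aba3e25717850c26c9cd0d89d \
    example-1.0.tar.bz2 > "$demo_dir/SHA1SUMS"

if verify_sha1 "$demo_dir/example-1.0.tar.bz2" "$demo_dir/SHA1SUMS"; then
    echo "OK: checksum matches the published list"
else
    echo "FAILED: do not build or install this file" >&2
fi
```

The list file has to come from a trusted channel, such as the signed release announcement; a checksum fetched from the same location as the archive only detects accidental corruption.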

In addition, it recently became known that unknown persons managed to forge the PGP keys of Linux creator Linus Torvalds and of key Tor developers. To do this, they used "clones" of short PGP key identifiers: as is well known, the short IDs of different keys may coincide.

Source: https://habr.com/ru/post/308030/

