this post was submitted on 01 Jan 2024
22 points (84.4% liked)
Security
5010 readers
1 users here now
Confidentiality Integrity Availability
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This paper is a bullshit. Authors claim they are able to extract an RSA 4096 decryption key within an hour using a prepared cyphertext, but this cannot work for PGP. PGP uses an asymmetric cypher (i.e. RSA) only to encrypt a symmetric cypher key (e.g. AES) that is used to encrypt/decrypt the text itself. So RSA does not work for hours, it takes only few milliseconds to decrypt a key that is 256 bit maximum.
Even if this method worked, it would be very hardware dependant. They would need to tune their algorithm for each laptop being attacked. So if you don't give your laptop to attacker for several weeks, he won't be able to steal your key.