• bizdelnick@lemmy.ml
    link
    fedilink
    arrow-up
    5
    ·
    11 months ago

    This paper is a bullshit. Authors claim they are able to extract an RSA 4096 decryption key within an hour using a prepared cyphertext, but this cannot work for PGP. PGP uses an asymmetric cypher (i.e. RSA) only to encrypt a symmetric cypher key (e.g. AES) that is used to encrypt/decrypt the text itself. So RSA does not work for hours, it takes only few milliseconds to decrypt a key that is 256 bit maximum.

    Even if this method worked, it would be very hardware dependant. They would need to tune their algorithm for each laptop being attacked. So if you don’t give your laptop to attacker for several weeks, he won’t be able to steal your key.