[Gnuk-users] Gnuk and possible hardware vulnerability

NdK ndk.clanbo at gmail.com
Sat Aug 19 08:57:05 UTC 2017

Il 19/08/2017 04:20, NIIBE Yutaka ha scritto:

> The KDF of Gnuk is not that strong, so far.  Now, I am proposing
> enhancement to do more repetition of computation also on host side.  For
> this enhancement, we have a ticket:
>     https://dev.gnupg.org/T3201
> ... since it requires the change of scdaemon of GnuPG.
How much slower would it run if doing the whole KDF computation in GnuK?
Maybe it could be worth it... IIRC, the decrypted key gets cached in RAM
anyway, so that would be a one-time penalty.

Regarding key caching, that could be a worse risk: if the same data is
kept for long periods in the same locations, RAM is "burned" with that
data and an attacker could recover key materiale even hours after
poweroff (but that requires decapping and advanced analysis techniques,
so as usual it depends on who your adversary is).
The countermeasure could be quite simple: periodically XOR the key
material with an 8 bit counter. That changes the state of every bit at
every complete cycle and a recovery would contain too many errors to be


More information about the gnuk-users mailing list