Gartner warns of crypto bug attack tools

The recently discovered bug allowing timing attacks against cryptographic algorithms could allow hackers to measure the behaviour of cryptographic software to reveal information about its keys.

Industry experts have warned that this will "inevitability result in the proliferation of new attack tools".

Analyst firm Gartner said that the attacks against cryptographic algorithms, discovered by Canadian researcher Colin Percival, could allow hackers to extract sensitive data by creating a parallel thread to measure cache activity in a cryptographic thread.

The attack does not reflect a security weakness in processor hyper-threading, but rather a weakness in the security algorithms exposed by Percival's ingenious timing attack, according to Gartner.

"The opportunities to use this attack seem narrow, because there are other, simpler ways to access keys running on the same machine. But history suggests that unaddressed security flaws usually mean trouble," said Martin Reynolds, vice president at Gartner's Dataquest division.

"Vendors of cryptographic code must address this weakness as a priority, by either affirming that their code is safe or correcting the flaw."

However, Reynolds added that disabling hyper-threading is not an effective solution to the problem. Vulnerable code must be corrected, or cryptographic processes must be run in protected environments.

The analyst advises against keeping intermediate results, keys or passwords in memory. Algorithms should delete secret bits as soon as they are no longer needed.

"Password entries should be checked against hashes after initialisation. Intermediate results should be written over as soon as possible, rather than left in memory," said Reynolds.

"These approaches defend against spy processes that peer into memory, and against searching of hibernation and paging files, as well as unallocated memory."

According to Gartner, enterprises should identify areas where cryptographic software could represent a risk and ask their vendor to certify that they have secured code against the exploit.

"Gartner has identified at least one security package that keeps passwords in memory, which means that the password is propagated into the hibernation and system paging files and is subject to trivial memory scanning," Reynolds warned.