Bugtraq mailing list archives
Re: Yes, they have found a serious PGP vulnerability...sort of
From: Pavel Kankovsky <peak () ARGO TROJA MFF CUNI CZ>
Date: Thu, 22 Mar 2001 19:50:52 +0100
On 22 Mar 2001, Florian Weimer wrote:
There's now a Czech paper with technical background:
And an English version at http://www.icz.cz/en/pdf/openPGP_attack_ENGvktr.pdf (From what I have heard, they--meaning ICZ management/marketing rather than the authors, Mr. Klima and Mr. Rosa, themselves--did not intend to publish the paper before Friday. Apparently, they figured out that approach was not good for their reputation.)
Although I cannot read Czech, their attack seems to be target against the public key stored in a secret key packet. This data is not cryptographically protected and can therefore be modified by an attacker who has write access to the key ring. If a signature is generated based on the modified public key data, the secret key will be exposed.
Yes...for DSA keys, the modification of unencrypted public parameters is sufficient to carry out the attack (and this means the simple defence I proposed would not work). For RSA keys, esp. for version 4 of the format, they have to modify the encrypted information as well, exploiting weaknesses in the encryption to localize the effect of their changes. It is not as trivial as the DSA case but some implementations of RSA signatures (those not checking the keys thoroughly enough) may be vulnerable as well. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Current thread:
- Yes, they have found a serious PGP vulnerability...sort of Pavel Kankovsky (Mar 21)
- Re: Yes, they have found a serious PGP vulnerability...sort of Florian Weimer (Mar 22)
- Re: Yes, they have found a serious PGP vulnerability...sort of Pavel Kankovsky (Mar 23)
- Re: Yes, they have found a serious PGP vulnerability...sort of Florian Weimer (Mar 23)
- Re: Yes, they have found a serious PGP vulnerability...sort of Lutz Donnerhacke (Mar 23)
- Re: Yes, they have found a serious PGP vulnerability...sort of Pavel Kankovsky (Mar 23)
- <Possible follow-ups>
- Re: Yes, they have found a serious PGP vulnerability...sort of Pavel Kankovsky (Mar 25)
- Re: Yes, they have found a serious PGP vulnerability...sort of Florian Weimer (Mar 22)