Bugtraq mailing list archives
Re: PGP Signed Messages
From: "[Segmen]" <dontpanic999 () yahoo com>
Date: Mon, 15 Oct 2001 21:22:38 +0100
Yep, my thoughts exactly... I see no reason why the comment shouldn't be included when generating the signature. Agreed that anyone with any experience with PGP will spot this instantly, and confirm their suspicions by verifying the message, but someone with little experience, or maybe even someone in a rush, who simply reads the message and then confirms the signature is valid, may miss this (which admittedly I have done sometimes for non-essential mails ;o) ) and could possibly be tricked by it.
From some of the replies I have received it seems that GPG is not vulnerable to this trick.

-- 
PGP Key ID : 0x897D43BA
SDF Public Access UNIX System - http://sdf.lonestar.org

----- Original Message -----
From: "jms" <jms () uic edu>
To: "[Segmen]" <dontpanic999 () yahoo com>
Sent: Monday, October 15, 2001 9:13 PM
Subject: RE: PGP Signed Messages
Here's my perspective as someone who has never used PGP. I would examine the message and probably conclude that the message is in some sort of PGP multi-part message, sort of like a multi-part MIME message, and that I was seeing the unparsed headers. If you had written "P.S. Please send the confidential ..." instead of "Please ...", that would probably be enough to convince me that I had "figured it out", because I've seen similar email where the author adds additional message text as a MIME attachment to the original message. Of course, the PGP check would show the message to be authentic ... I would certainly agree that at the very least the contents of the comment should be included in computing the signature.

===== Original Message From "[Segmen]" <dontpanic999 () yahoo com> =====

It occurred to me today what a bad idea the Comment field is in PGP signed messages. Altering the Comment field does not affect the validity of the signature, but to the non-experienced PGP/GPG user it certainly appears to be part of the message.

Example: A generic message I could have got hold of:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello, meeting cancelled, speak to you soon.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBO8r9v9nrfc+JfUO6EQLrEACgv6+C07aWgAO+Dna0MHgEDaoDMxEAoJ2P
7gojqeCRqKqTkbFMkHCToxtq
=lki3
-----END PGP SIGNATURE-----

I could change this to:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello, meeting cancelled, speak to you soon.
-----BEGIN PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please Send the Confidential Files from the planned meeting to My colleague Instead at me () host com . He will now be dealing with this matter.
Speak to you soon, victim.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3

iQA/AwUBO8r9v9nrfc+JfUO6EQLrEACgv6+C07aWgAO+Dna0MHgEDaoDMxEAoJ2P
7gojqeCRqKqTkbFMkHCToxtq
=lki3
-----END PGP SIGNATURE-----

Well, you get the idea. The signature is still valid. Agreed that only the beginner crypto user would fall for this, but if they were to read the message and then just use PGP to check the validity, they could be tricked into believing that the extra lines were part of the verified message. Does anybody else think this is quite a bad idea?

-- 
PGP Key ID : 0x897D43BA
SDF Public Access UNIX System - http://sdf.lonestar.org
UKChat - http://www.ukchat.com

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
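To make the thread's point concrete, here is an added example (my own code, not from the post and not from PGP or GnuPG) that applies the RFC 2440/4880 cleartext-signature framing rules to a message and separates the bytes a verifier actually hashes from everything else a reader sees: armor headers such as Version: and Comment:, and any readable text pushed into the signature block the way the post describes. The three sample messages are constructed copies of the post's layout; the base64 signature lines are taken from the post and are only parsed here, never verified, and the injected sentence and me@host.com are placeholders.

```python
import re

# Armor boundary lines from RFC 2440 / RFC 4880 (cleartext signature framework).
BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

ARMOR_HEADER = re.compile(r"^([A-Za-z][A-Za-z0-9-]*): (.*)$")   # "Key: value"
BASE64_LINE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")             # signature body
CHECKSUM_LINE = re.compile(r"^=[A-Za-z0-9+/]{4}$")              # e.g. "=lki3"


def split_cleartext_message(text):
    """Split a cleartext-signed message into what the signature covers
    and what it does not.

    signed_text   : dash-unescaped text between the "Hash:" block and
                    BEGIN PGP SIGNATURE; this is all a verifier hashes.
    armor_headers : (key, value) pairs such as Version: or Comment: that
                    sit inside the signature block but are never hashed.
    stray_lines   : readable lines inside the signature block that are
                    neither armor headers nor base64 signature data, e.g.
                    a nested BEGIN PGP SIGNED MESSAGE and its text.
    """
    lines = text.splitlines()
    try:
        start = lines.index(BEGIN_SIGNED)
        sig_start = lines.index(BEGIN_SIG, start + 1)
        sig_end = len(lines) - 1 - lines[::-1].index(END_SIG)
    except ValueError as exc:
        raise ValueError("not a cleartext-signed message") from exc

    # Skip the "Hash:" armor headers and the single blank line after them.
    i = start + 1
    while i < sig_start and lines[i].strip():
        i += 1
    body = lines[i + 1:sig_start]

    # Undo dash-escaping ("- " prefix); trailing whitespace is not hashed.
    unescaped = [l[2:] if l.startswith("- ") else l for l in body]
    signed_text = "\n".join(l.rstrip(" \t") for l in unescaped)

    armor_headers, stray_lines = [], []
    in_headers = True
    for line in lines[sig_start + 1:sig_end]:
        if in_headers:
            if not line.strip():
                in_headers = False      # blank line ends the armor headers
                continue
            m = ARMOR_HEADER.match(line)
            if m:
                armor_headers.append((m.group(1), m.group(2)))
                continue
        elif not line.strip() or CHECKSUM_LINE.match(line) or (
                BASE64_LINE.match(line) and len(line) % 4 == 0):
            continue                    # genuine signature data, skip it
        stray_lines.append(line)        # readable, and NOT covered
    return {"signed_text": signed_text,
            "armor_headers": armor_headers,
            "stray_lines": stray_lines}


def unsigned_readable(text):
    """Everything a reader sees that the signature does not vouch for."""
    parts = split_cleartext_message(text)
    return ([f"{k}: {v}" for k, v in parts["armor_headers"]]
            + parts["stray_lines"])


# Signature lines copied from the post; only parsed here, never verified.
SIG_BLOCK = (
    "iQA/AwUBO8r9v9nrfc+JfUO6EQLrEACgv6+C07aWgAO+Dna0MHgEDaoDMxEAoJ2P\n"
    "7gojqeCRqKqTkbFMkHCToxtq\n"
    "=lki3\n"
    "-----END PGP SIGNATURE-----\n")

# Constructed samples following the post's layout.
GENUINE = (
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n"
    "Hello, meeting cancelled, speak to you soon.\n"
    "-----BEGIN PGP SIGNATURE-----\nVersion: PGP 7.0.4\n\n" + SIG_BLOCK)

# The post's trick: a second signed-message header and new text pushed
# into the signature block (injected sentence and address are placeholders).
NESTED = (
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n"
    "Hello, meeting cancelled, speak to you soon.\n"
    "-----BEGIN PGP SIGNATURE-----\n"
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n"
    "Please send the confidential files to me@host.com instead.\n"
    "-----BEGIN PGP SIGNATURE-----\nVersion: PGP 7.0.3\n\n" + SIG_BLOCK)

# The Comment: variant from the subject line: same text, as an armor header.
COMMENTED = (
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n"
    "Hello, meeting cancelled, speak to you soon.\n"
    "-----BEGIN PGP SIGNATURE-----\nVersion: PGP 7.0.4\n"
    "Comment: Please send the confidential files to me@host.com instead.\n\n"
    + SIG_BLOCK)

if __name__ == "__main__":
    for name, msg in (("genuine", GENUINE), ("nested", NESTED), ("comment", COMMENTED)):
        parts = split_cleartext_message(msg)
        print(f"[{name}] signed text : {parts['signed_text']!r}")
        print(f"[{name}] NOT signed  : {unsigned_readable(msg)}")
```

In all three samples the signed text is identical, so a verifier that hashes it will report the same result; only what surrounds it differs. A client that shows the user just the recovered signed text after a good verification (the behaviour of `gpg --decrypt` on a clearsigned file, which writes the signed cleartext to its output) is not fooled by either variant; a client that only prints "good signature" next to the raw message is.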
Current thread:
- PGP Signed Messages [Segmen] (Oct 15)
- Re: PGP Signed Messages prime evil (Oct 15)
- Re: PGP Signed Messages Kurt Seifried (Oct 15)
- <Possible follow-ups>
- Re: PGP Signed Messages [Segmen] (Oct 15)