Bugtraq mailing list archives

Re: Minor PGP vulnerability

From: shamrock () NETCOM COM (Lucky Green)
Date: Wed, 16 Jul 1997 21:00:24 -0700


At 11:02 PM 7/15/97 +0200, Harald Weidner wrote:

As you might know, PGP uses a 32-Bit number, called key-ID, as
an internal index for storing and recognizing keys. Although
the key-ID's are quite randomly distributed within 31 of the
32 bits (the key-ID is always odd), the scheme how this key id
is derived from the (public) key is not cryptographically secure.


This is one more reason why the users of PGP should quickly move to the new
DSA/ElGamal keys used in PGP 5.0. An global effort is underway to scan and
proofread the printed source of PGP 5.0 after it was exported legally by a
subscriber of this list. Currently, 81% of the platform independent source
has been proofread. You can follow the progress at http://www.ifi.uio.no/pgp/


--Lucky Green <shamrock () netcom com>
  PGP encrypted mail preferred.
  DES is dead! Please join in breaking RC5-56.
  http://rc5.distributed.net/

Current thread:

Re: Vulnerability in Glimpse HTTP, (continued)
- - Re: Vulnerability in Glimpse HTTP Paul Phillips (Jul 08)
    - Re: Vulnerability in Glimpse HTTP Oliver Friedrichs (Jul 09)
    - CERT Vendor-Initiated Bulletin VB-97.05 - Vul in Lynx Temporary Nicolas Dubee (Jan 01)
    - Re: Vulnerability in Glimpse HTTP Martin Pool (Jul 10)
    - It's not over yet. Aleph One (Jul 11)
    - It's not over yet. Manley, Jim W (Jul 11)
    - More information about JavaScript bug Dominick Matthias PN OIL 6 (Jul 11)
    - new post SP3 hotfix: lm-fix Alex Libenson (Jul 12)
    - Minor PGP vulnerability Harald Weidner (Jul 15)
    - GetAdmin - Hotfix silent release ? Olivier Gerschel (Jul 16)
    - Re: Minor PGP vulnerability Lucky Green (Jul 16)
    - CERT Advisory CA-97.21 - SGI Buffer Overflow Vulnerabilities Aleph One (Jul 17)
    - slight misinformation in CA-97.21 Dave Kormann (Jul 17)
    - msg00234.html brush () SEARCH POL PL (Jul 17)
    - CERT Vendor-Initiated Bulletin VB-97.05 - Vul in Lynx Temporary Aleph One (Jul 16)
    - Sun Security Bulletin #00146 Aleph One (Jul 16)
    - Sun CDE 1.0.1: login bug Isaac (Jul 28)
    - Re: Sun CDE 1.0.1: login bug Doug Hughes (Jul 29)
    - CERT Vendor-Initiated Bulletin VB-97.06 - Vul in Lynx Downloading Aleph One (Jul 16)
  - [linux-security] so-called snprintf() in db-1.85.4 (fwd) Aleph One (Jul 09)
    - Re: [linux-security] so-called snprintf() in db-1.85.4 (fwd) Joe Zbiciak (Jul 10)

(Thread continues...)