Bugtraq mailing list archives
Re: PGP Signatures security BUG!
From: haustein () INFORMATIK RWTH-AACHEN DE (Tobias Haustein)
Date: Wed, 8 Mar 2000 10:49:11 +0100
* Povl H. Pedersen (pope () NETGUIDE DK) [000308 10:29]:
[...]
Adding Mike Evans' public key to the keyring still results in the signature verification being OK, but the username is listed as unknown.
[...]
The problem is that the PGP servers expect all key IDs to be unique numbers, and do not expect 2 users to have the same keyID. And with the current amount of users, we are starting to get multiple users with the same keyID.
[...]
Hmmmm. If this were true, this means that the public keys and not just the key ids are the same (the key id is derived from the key, so if the keys are the same, the key id must be the same, too). Therefore, this has nothing to do with the key servers, but with the creation and assignment of keys.

Today, the key is generated using a strong random number algorithm and there is no way to check whether some key has already been created by another user. In fact, it's totally impossible to avoid this kind of collusion. The only thing one could try is to detect such double spending of keys and make the users generate new keys if this happens. However, the chances that two people generate the same 1024 bit random number (less than 1024 bit are to be considered insecure) are so low that this should be considered unnecessary.

Now that it seems to be the case that two people generated the same public key, one has to think about the quality of the used random number generator. There is the chance that the seed that is used to initialize this generator is predictable. This, however, would be an implementation flaw of _some_ versions of PGP, and no real problem of the standard.

I'd like to know who the two people with the same keys are and what versions of PGP they used to generate the keys. Of course, both guys should revoke their keys immediately.

Ciao,
Tobias

--
Dipl. Inform. Tobias Haustein
Department of Computer Science IV, Aachen University of Technology
Ahornstr. 55, D-52056 Aachen
Phone +49 (241) 80-21417, Fax +49 (241) 8888-220
E-Mail haustein () informatik rwth-aachen de
Web http://www-i4.informatik.rwth-aachen.de/~haustein/
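Added example, not part of the original post or thread: a keyring check that flags distinct keys sharing a key ID, plus the birthday-bound estimate of how likely such a clash is for 32-bit and 64-bit IDs compared with full 1024-bit random values. It assumes the OpenPGP v4 convention that the key ID is the low 64 bits of the fingerprint (short ID: low 32 bits); the fingerprints, user IDs and function names are constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed sample keyring: (fingerprint hex, user ID). Not real keys.
KEYRING = [
    ("AAAA1111BBBB2222CCCC3333DDDD4444DEADBEEF", "alice@example.org"),
    ("5555EEEE6666FFFF7777000088889999DEADBEEF", "bob@example.org"),
    ("0F0F0F0F1E1E1E1E2D2D2D2D3C3C3C3C4B4B4B4B", "carol@example.org"),
]

def key_id(fingerprint_hex, bits=64):
    """Low `bits` bits of the fingerprint as hex (assumed v4 convention)."""
    fp = fingerprint_hex.replace(" ", "").upper()
    return fp[-(bits // 4):]

def find_id_collisions(keyring, bits=32):
    """Map each key ID shared by two or more *distinct* keys to those keys."""
    by_id = defaultdict(dict)
    for fp, uid in keyring:
        fp = fp.replace(" ", "").upper()
        by_id[key_id(fp, bits)][fp] = uid  # same key listed twice counts once
    return {kid: sorted(keys.items())
            for kid, keys in by_id.items() if len(keys) > 1}

def collision_probability(n_keys, bits):
    """Birthday bound: chance that any two of n random `bits`-bit values match."""
    # x = n(n-1) / 2^(bits+1); ldexp avoids float overflow for large `bits`
    x = math.ldexp(float(n_keys * (n_keys - 1)), -(bits + 1))
    # 1 - exp(-x), computed with expm1 so tiny probabilities are not rounded to 0
    return -math.expm1(-x)

if __name__ == "__main__":
    for kid, keys in find_id_collisions(KEYRING, bits=32).items():
        print(f"short key ID {kid} is shared by {len(keys)} distinct keys:")
        for fp, uid in keys:
            print(f"  {fp}  {uid}")
    for bits in (32, 64, 1024):
        p = collision_probability(100_000, bits)
        print(f"{bits:>4}-bit values, 100000 keys: P(collision) ~ {p:.3g}")
```

Verifying against the full fingerprint rather than the key ID is what separates a harmless ID clash from two users actually holding the same key.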