Bugtraq mailing list archives

Re: PGP Signatures security BUG!


From: haustein () INFORMATIK RWTH-AACHEN DE (Tobias Haustein)
Date: Wed, 8 Mar 2000 10:49:11 +0100


* Povl H. Pedersen (pope () NETGUIDE DK) [000308 10:29]:

[...]

Adding Mike Evans' public key to the keyring still results in the
signature verification being OK, but the username is listed as
unknown.

[...]

The problem is that the PGP servers expect all key IDs to be unique
numbers and do not expect two users to have the same keyID. And with
the current amount of users, we are starting to get multiple users
with the same keyID.

[...]

Hmmmm. If this were true, this means that the public keys and not just
the key ids are the same (the key id is derived from the key, so if
the keys are the same, the key id must be the same, too). Therefore,
this has nothing to do with the key servers, but with the creation and
assignment of keys. Today, the key is generated using a strong random
number algorithm and there is no way to check whether some key has
already been created by another user. In fact, it's totally impossible
to avoid this kind of collision. The only thing one could try is to
detect such double spending of keys and make the users generate new
keys if this happens. However, the chances that two people generate
the same 1024 bit random number (fewer than 1024 bits are to be
considered insecure) are so low that this should be considered
unnecessary.

Now that it seems to be the case that two people generated the
same public key, one has to think about the quality of the random
number generator used. There is a chance that the seed used to
initialize this generator is predictable. This, however, would be an
implementation flaw of _some_ versions of PGP, and not a real problem
with the standard.

I'd like to know who the two people with the same keys are and what
versions of PGP they used to generate the keys. Of course, both guys
should revoke their keys immediately.

Ciao,

Tobias

-- 
Dipl. Inform. Tobias Haustein

Department of Computer Science IV, Aachen University of Technology
Ahornstr. 55, D-52056 Aachen
Phone +49 (241) 80-21417, Fax +49 (241) 8888-220
E-Mail haustein () informatik rwth-aachen de
Web http://www-i4.informatik.rwth-aachen.de/~haustein/

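The message above argues from the way a PGP key ID is derived from the key itself. The following script is an added example (not code from the original post or from PGP) that makes that derivation concrete for both key formats in use at the time: for a version 3 RSA key the 64-bit key ID is the low 64 bits of the public modulus, and for a version 4 key it is the low 64 bits of the SHA-1 fingerprint (RFC 4880, sections 12.2 and 5.5.2). It then scans a constructed keyring for entries that share a key ID and reports whether they also share the full fingerprint, which is the check a defender needs to tell re-used key material apart from two distinct keys that merely collide on a short ID. The user IDs, timestamps and moduli are constructed sample values, not real keys.

```python
import hashlib
import struct
from collections import defaultdict


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian magnitude."""
    bit_len = value.bit_length()
    return struct.pack(">H", bit_len) + value.to_bytes((bit_len + 7) // 8, "big")


def v3_key_id(modulus: int) -> str:
    """Version 3 (PGP 2.x) RSA key ID: the low-order 64 bits of the public modulus."""
    return f"{modulus & ((1 << 64) - 1):016X}"


def v4_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet: version, creation time, algorithm 1, MPIs n and e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """Version 4 fingerprint: SHA-1 over 0x99, the 2-byte body length and the packet body."""
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()


def v4_key_id(body: bytes) -> str:
    """Version 4 key ID: the low-order 64 bits (last 16 hex digits) of the fingerprint."""
    return v4_fingerprint(body)[-16:]


def find_key_id_collisions(keyring):
    """keyring is a list of (user_id, v4_packet_body).

    Returns {key_id: {fingerprint: [user_ids]}} for every key ID carried by more
    than one entry. One fingerprint under a key ID means the same key material
    was imported under several user IDs; several fingerprints mean distinct
    keys that happen to share the 64-bit ID."""
    by_id = defaultdict(lambda: defaultdict(list))
    for user_id, body in keyring:
        by_id[v4_key_id(body)][v4_fingerprint(body)].append(user_id)
    return {
        key_id: dict(fps)
        for key_id, fps in by_id.items()
        if sum(len(uids) for uids in fps.values()) > 1
    }


# Constructed sample keys: the moduli are arbitrary integers, not real RSA keys,
# and the creation time is an arbitrary constructed timestamp.
KEY_A = v4_public_key_body(952500000, 0xC0FFEE1234567890ABCDEF, 65537)
KEY_B = v4_public_key_body(952500000, 0xDEADBEEF0987654321FEDC, 65537)

SAMPLE_KEYRING = [
    ("alice@example.org", KEY_A),
    ("bob@example.org", KEY_B),
    ("alice-old@example.org", KEY_A),  # same key material under a second user ID
]


def report(keyring) -> None:
    """Print a human-readable summary of the collisions found in a keyring."""
    for key_id, fps in find_key_id_collisions(keyring).items():
        kind = "identical key material" if len(fps) == 1 else "distinct keys sharing a 64-bit ID"
        print(f"key ID {key_id}: {kind}")
        for fingerprint, user_ids in fps.items():
            print(f"  fingerprint {fingerprint}: {', '.join(user_ids)}")


if __name__ == "__main__":
    print("v3 key ID of modulus 0xC0FFEE1234567890ABCDEF:", v3_key_id(0xC0FFEE1234567890ABCDEF))
    report(SAMPLE_KEYRING)
```

Run as a script it prints the version 3 key ID of the first constructed modulus and flags the one key ID that appears twice in the sample keyring as identical key material, since both entries carry the same fingerprint. A keyring where two different keys collide on the 64-bit ID would be reported under the other label, which is the case the original poster's "unknown user" symptom would need to be distinguished from.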

