[14376] in bugtraq
Re: PGP Signatures security BUG!
daemon@ATHENA.MIT.EDU (Will Price)
Wed Mar 22 02:07:36 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <38D72B4D.415B148A@cyphers.net>
Date: Mon, 20 Mar 2000 23:57:01 -0800
Reply-To: wprice@cyphers.net
From: Will Price <wprice@CYPHERS.NET>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
We have researched this issue and discovered that in fact it was
caused by a problem with the machine running the primary keyserver at
certserver.pgp.com which resulted in a corrupt database. The corrupt
database was then handing out the wrong key for a few of the keys
(there are about 1 million keys in the database). The database has
been rebuilt and the responses are now correct in all cases.
Note that no security flaw was ever extant here. No signature was
ever incorrectly identified by PGP as valid. No key ID collision
occurred. As mentioned by other posters, had a key ID collision
occurred, the effect would be harmless because the collision key
would not be valid.
Florian Weimer wrote:
>
> "Povl H. Pedersen" <pope@NETGUIDE.DK> writes:
>
> > This was the first time he verified it.
> >
> > The signature has Key ID: 0x6F620B65
> >
> > So he had to look up the key using the keyservers, and
> > surprisingly enough, the server did NOT return the name of the
> > sender, but of a person called "Mike Evans".
>
> Several answers in this thread have addressed quite a few problems
> regarding faked user IDs and key IDs. This kind of attack is a
> significant threat only if you rely on this information to
> establish the validity of a public key, but of course, this
> approach is
> fundamentally flawed.
>
> The problem that Povl observed was likely quite different.
> According to my own attempts, NAI's server simply returned the
> wrong key, which didn't share any obvious characteristics with the
> one which was
> requested (both key ID and user ID were different). Currently, I'm
> unable to reproduce the server behavior, though.
- --
Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0 (Build 141 Alpha)
iQA/AwUBONcrFay7FkvPc+xMEQIXNACdGGztr17TZmeMh/lJeEpHxMgDRcMAn3lU
NeapzZ6CNFWqi1ZnfSaIh88e
=EtdE
-----END PGP SIGNATURE-----
