[19762] in bugtraq
Re: Have they found a serious PGP vulnerability?!
daemon@ATHENA.MIT.EDU (Peter Hanecak)
Wed Mar 21 18:06:55 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.21.0103211017310.19332-100000@megaloman.megaloman.sk>
Date: Wed, 21 Mar 2001 10:36:01 +0100
Reply-To: Peter Hanecak <hanecak@MEGALOMAN.COM>
From: Peter Hanecak <hanecak@MEGALOMAN.COM>
X-To: Pavel Kankovsky <peak@ARGO.TROJA.MFF.CUNI.CZ>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010320005446.22A8.0@argo.troja.mff.cuni.cz>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
On Tue, 20 Mar 2001, Pavel Kankovsky wrote:
> No details are available right now and the data included in the article
> seems to be partially self-contradicting (on the other hand, it can be
> just a result of standard journalistic post-production). They say there
> will be a press conference today (March 20) at 15:00 MET where ICZ people
> will shed more light on this issue.
ICZ's press statement can be found here:
http://www.icz.cz/onas/tisk4.html
It is in Czech.
> Personally, I think they have found some new obscure attack (perhaps some
> side-channel attack) that can be used when some bizarre conditions are
> met, or maybe they have reinvented the wheel, and have discovered a Trojan
> horse can steal private keys when PGP decrypts them in order to be able to
> use them.
If I'm correct, I can summarize information found at
http://www.icz.cz/onas/tisk4.html as follows:
They found a way to calculate the victim's private key from the victim's
encrypted private key file and at least one signed message (signed by that
private key). It takes a small modification of the private key file and about
half a second of calculation on a common PC.
So to successfully perform the attack their way, you have to:
1) obtain the victim's private key file
2) obtain at least one message signed by the above key
3) have the knowledge and tools those ICZ folks have
4) apply 3 to 1 and 2
The attack takes advantage of misuse of crypto algorithms when encrypting
the private key. They claim the OpenPGP spec is responsible for that misuse.
If you are interested in more information, please contact ICZ directly,
as I'm not a cryptography expert nor a professional translator. Or look for
other sources.
Sincerely
Peter Hanecak
- --
===================================================================
Peter Hanecak <hanecak@megaloman.com>
GPG pub.key: http://www.megaloman.com/gpg/hanecak-megaloman.txt
===================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6uHYF1rzDsblwlA8RAlGtAJ4lqqhr17UnfZgn5zqrVqfHXivYwwCfWzkg
aSMFFEBe1vkGm/3leID++/8=
=gQcT
-----END PGP SIGNATURE-----