[19783] in bugtraq

Re: Yes, they have found a serious PGP vulnerability...sort of

daemon@ATHENA.MIT.EDU (Florian Weimer)
Thu Mar 22 16:55:45 2001

MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID:  <tgy9tyvzp8.fsf@mercury.rus.uni-stuttgart.de>
Date:         Thu, 22 Mar 2001 11:57:07 +0100
Reply-To: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
From: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
X-To:         Pavel Kankovsky <peak@ARGO.TROJA.MFF.CUNI.CZ>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20010320203604.31AA.0@argo.troja.mff.cuni.cz>

Pavel Kankovsky <peak@ARGO.TROJA.MFF.CUNI.CZ> writes:

> ICZ has published some real information about their new attack against
> (Open)PGP. Their announcement, in the English language, can be found at
> http://www.i.cz/en/onas/tisk4.html. They say they will make a research
> paper available at http://www.i.cz/ soon.

There's now a Czech paper with technical background:

        http://www.i.cz:80/pdf/pgp/OpenPGP_attack_CZ.pdf

Although I cannot read Czech, their attack seems to be targeted against
the public key stored in a secret key packet.  This data is not
cryptographically protected and can therefore be modified by an
attacker who has write access to the key ring.  If a signature is
generated based on the modified public key data, the secret key will
be exposed.

This implies that the RSA implementation of GnuPG is *not* vulnerable,
because it uses only the cryptographically protected secret key data
for signature generation.  However, the DSA implementation seems to be
vulnerable.

--
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
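
A consistency check that addresses the weakness described in the message above, as an added example (not part of the original message and not GnuPG's code): before signing with DSA, confirm that the unprotected public fields p, q, g, y still agree with the decrypted secret exponent x. The function names and the toy key are constructed for illustration.

```python
# Added example: refuse to sign when the unprotected public DSA fields of a
# secret key packet no longer match the decrypted secret exponent x.
import random

def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        v = pow(random.randrange(2, n - 1), d, n)
        if v in (1, n - 1):
            continue
        for _ in range(s - 1):
            v = pow(v, 2, n)
            if v == n - 1:
                break
        else:
            return False
    return True

def check_dsa_key(p, q, g, y, x):
    """Return a list of inconsistencies; an empty list means safe to sign."""
    problems = []
    if not (is_probable_prime(p) and is_probable_prime(q)):
        problems.append("p or q is not prime")
    if (p - 1) % q != 0:
        problems.append("q does not divide p-1")
    if not (1 < g < p) or pow(g, q, p) != 1:
        problems.append("g is not in the order-q subgroup")
    if not (0 < x < q):
        problems.append("x out of range")
    # Binds the unprotected fields to the protected secret: without x,
    # nobody can produce a matching y for replaced p or g.
    if pow(g, x, p) != y:
        problems.append("y != g^x mod p")
    return problems

# Constructed toy key (real keys use p of 1024 bits or more).
GOOD = dict(p=23, q=11, g=4, y=8)
X = 7

if __name__ == "__main__":
    print(check_dsa_key(**GOOD, x=X))                 # untouched key ring
    print(check_dsa_key(**{**GOOD, "g": 9}, x=X))     # g replaced on disk
```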
