[19788] in bugtraq
Re: Yes, they have found a serious PGP vulnerability...sort of
daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Fri Mar 23 03:47:47 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <20010322192709.4D4F.0@argo.troja.mff.cuni.cz>
Date: Thu, 22 Mar 2001 19:50:52 +0100
Reply-To: Pavel Kankovsky <peak@ARGO.TROJA.MFF.CUNI.CZ>
From: Pavel Kankovsky <peak@ARGO.TROJA.MFF.CUNI.CZ>
X-To: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <tgy9tyvzp8.fsf@mercury.rus.uni-stuttgart.de>

On 22 Mar 2001, Florian Weimer wrote:

> There's now a Czech paper with technical background:

And an English version at
http://www.icz.cz/en/pdf/openPGP_attack_ENGvktr.pdf

(From what I have heard, they--meaning ICZ management/marketing rather
than the authors, Mr. Klima and Mr. Rosa, themselves--did not intend
to publish the paper before Friday. Apparently, they figured out that
approach was not good for their reputation.)

> Although I cannot read Czech, their attack seems to be targeted against
> the public key stored in a secret key packet. This data is not
> cryptographically protected and can therefore be modified by an
> attacker who has write access to the key ring. If a signature is
> generated based on the modified public key data, the secret key will
> be exposed.

Yes...for DSA keys, the modification of unencrypted public parameters is
sufficient to carry out the attack (and this means the simple defence I
proposed would not work). For RSA keys, esp. for version 4 of the format,
they have to modify the encrypted information as well, exploiting
weaknesses in the encryption to localize the effect of their changes.
It is not as trivial as the DSA case but some implementations of RSA
signatures (those not checking the keys thoroughly enough) may be
vulnerable as well.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
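
The message above points at implementations "not checking the keys thoroughly enough". The following is an added example, not part of the original post and not code from any PGP implementation: a pre-signing check that refuses key material whose cleartext public part no longer agrees with the decrypted secret part. Function names and the toy key values are constructed; the `u` convention (inverse of p mod q, with p < q) is the one used by the OpenPGP secret-key format.

```python
import secrets
from math import gcd

def is_probable_prime(n, rounds=40):
    """Miller-Rabin with random bases (fixed bases can be fooled by a chosen n)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)          # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False                          # a is a witness: n is composite
    return True

def dsa_key_consistent(p, q, g, y, x):
    """True only if the cleartext (p, q, g, y) agree with the decrypted secret x."""
    return (is_probable_prime(p) and is_probable_prime(q)
            and (p - 1) % q == 0                  # q divides p-1
            and 1 < g < p and pow(g, q, p) == 1   # g has order q (q is prime)
            and 0 < x < q
            and y == pow(g, x, p))                # public value matches the secret

def rsa_key_consistent(n, e, d, p, q, u):
    """True only if n, e and the decrypted d, p, q, u describe one RSA key."""
    if not (1 < p < q and n == p * q):
        return False
    if not (is_probable_prime(p) and is_probable_prime(q)):
        return False
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    return (1 < e < lam and d > 0 and (e * d) % lam == 1
            and 0 < u < q and (u * p) % q == 1)   # CRT coefficient is intact

# Constructed toy keys (far too small for real use).
DSA_OK = dict(p=23, q=11, g=4, y=8, x=7)
RSA_OK = dict(n=3233, e=17, d=2753, p=53, q=61, u=38)

if __name__ == "__main__":
    print(dsa_key_consistent(**DSA_OK), dsa_key_consistent(**{**DSA_OK, "g": 5}))
    print(rsa_key_consistent(**RSA_OK), rsa_key_consistent(**{**RSA_OK, "u": 39}))
```

A signer would run the matching check after decrypting the secret key packet and refuse to sign when it returns False.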