What the flaw says is that if I get write access to your private key I can cause you to reveal it. Like interesting but not exactly gripping stuff. If I can write to your private key you are probably !@@$(&**ed. The report is incorrect in stating that PGP is the most popular email security package, there are 100 million copies of S/MIME enabled email applications in use. Phill
-----Original Message----- From: owner-fight-censorship@vorlon.mit.edu [mailto:owner-fight-censorship@vorlon.mit.edu]On Behalf Of Declan McCullagh Sent: Wednesday, March 21, 2001 1:36 PM To: cypherpunks@cyberpass.net; cryptography@c2.net Cc: fight-censorship@vorlon.mit.edu Subject: PGP flaw found by Czech firm allows dig sig to be forged
http://www.wired.com/news/politics/0,1283,42553,00.html
Your E-Hancock Can Be Forged by Declan McCullagh (declan@wired.com) 10:20 a.m. Mar. 21, 2001 PST
WASHINGTON -- A Czech information security firm has found a flaw in Pretty Good Privacy that permits digital signatures to be forged in some situations.
Phil Zimmermann, the PGP inventor who's now the director of the OpenPGP Consortium, said on Wednesday that he and a Network Associates (NETA) engineer verified that the vulnerability exists.
ICZ, a Prague company with 450 employees, said that two of its cryptologists unearthed a bug in the OpenPGP format that allows an adversary who breaks into your computer to forge your e-mail signature.
Both Zimmermann and the Czech engineers, Vlastimil Klima and Tomas Rosa, point out that the glitch does not affect messages encrypted with PGP. OpenPGP programs -- including GNU Privacy Guard and newer versions of PGP -- use different algorithms for signing and scrambling, and only the digital signature method is at risk.
PGP and its offspring are by far the most popular e-mail encryption programs in the world. Nobody has disclosed a flaw in their message-scrambling mechanisms, but PGP owner Network Associates suffered an embarrassment last August when a German cryptanalyst published a way that allows an attacker to hoodwink PGP into not encoding secret information properly.
In this case, someone wishing to impersonate you would need to gain access to your secret key -- usually stored on a hard drive or a floppy disk -- surreptitiously modify it, then obtain a message you signed using the altered secret key. Once those steps are complete, that person could then digitally sign messages using your name.
"PGP or any program based on the OpenPGP format that does not have any extra integrity check will not recognize such modification and it will allow you to sign a message with the corrupted key," says Rosa, who works at Decros, an ICZ company. Rosa says he demonstrated the vulnerability with PGP 7.0.3.
[...]