It'd be nice to have more specifics about the whole situation, but regardless - any preliminary threat assessments? Exactly how widely exploited do you think this has been?
Tim's post (although refuted by Marc) raises some serious issues since I suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp
Some coherent input on the possible impact of this would be appreciated.
Basically the threat model is very simple: Joe "slightly crypto-savvy pgp user" sixpack keeps his pgp keyring in c:\pgp on a dos/w95 box. The average user of any of the unices keeps his keyring in /usr/pgp or /usr/local/pgp it does not take a lot of attempts to go through most of the common places. The very same guy probably has a password that is: A. FRED (notice how close the letters are, this is a real dumb-ass password of the century) B. His wifes name C. Her birthday D. The name of his favourite film or some character from it... Can you say "dictionary attack"???. I must admit I personally, against all the rules, keep my pgp secret key on this box. This doesn`t worry be greatly because: 1. I have a strong passphrase. 2. This box is only on dialup, so is not connected for long, and I VERY rarely use the web anyway, Its too slow, so I prefer ftpmail and ftp for getting files. This corresondingly reduces the risk of me having used a site that exploited this hole. 3. If I ever have anything to recieve that needs to be really secure I use a one time key pair, so even the RSA key is one time. Most PGP mail I send or recieve is fairly innocuous and the use of encryption is just precautionary, ie. to stop nosy sysadmins. What it basically comes down to is that Joe Sixpack, the guy most likely to have his key compromised by this attack, is: 1. Not likely to be sending valuable enough mail to expend time mounting even a simple dictionary attack on his key. 2. The least likely to know about, understand or respond to this flaw. So basically the threat is the usual one: The stupid will get caught. If you are sending highly criminal mail your key shouldn`t be on any machine not 12 feet underground in a concrete bunker with 24 hour fully trusted security guards, CCTV etc. etc. anyway. Datacomms Technologies data security Paul Bradley, Paul@fatmans.demon.co.uk Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: FC76DA85 "Don`t forget to mount a scratch monkey"