Impact of Netscape kernel hole (fwd)
It'd be nice to have more specifics about the whole situation, but regardless - any preliminary threat assessments? Exactly how widely exploited do you think this has been?
Tim's post (although refuted by Marc) raises some serious issues since I suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp
Some coherent input on the possible impact of this would be appreciated.
Basically the threat model is very simple: Joe "slightly crypto-savvy pgp user" sixpack keeps his pgp keyring in c:\pgp on a dos/w95 box. The average user of any of the unices keeps his keyring in /usr/pgp or /usr/local/pgp it does not take a lot of attempts to go through most of the common places. The very same guy probably has a password that is: A. FRED (notice how close the letters are, this is a real dumb-ass password of the century) B. His wifes name C. Her birthday D. The name of his favourite film or some character from it... Can you say "dictionary attack"???. I must admit I personally, against all the rules, keep my pgp secret key on this box. This doesn`t worry be greatly because: 1. I have a strong passphrase. 2. This box is only on dialup, so is not connected for long, and I VERY rarely use the web anyway, Its too slow, so I prefer ftpmail and ftp for getting files. This corresondingly reduces the risk of me having used a site that exploited this hole. 3. If I ever have anything to recieve that needs to be really secure I use a one time key pair, so even the RSA key is one time. Most PGP mail I send or recieve is fairly innocuous and the use of encryption is just precautionary, ie. to stop nosy sysadmins. What it basically comes down to is that Joe Sixpack, the guy most likely to have his key compromised by this attack, is: 1. Not likely to be sending valuable enough mail to expend time mounting even a simple dictionary attack on his key. 2. The least likely to know about, understand or respond to this flaw. So basically the threat is the usual one: The stupid will get caught. If you are sending highly criminal mail your key shouldn`t be on any machine not 12 feet underground in a concrete bunker with 24 hour fully trusted security guards, CCTV etc. etc. anyway. Datacomms Technologies data security Paul Bradley, Paul@fatmans.demon.co.uk Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: FC76DA85 "Don`t forget to mount a scratch monkey"
Joe "slightly crypto-savvy pgp user" sixpack keeps his pgp keyring in c:\pgp on a dos/w95 box. The average user of any of the unices keeps his keyring in /usr/pgp or /usr/local/pgp it does not take a lot of attempts to go through most of the common places.
The very same guy probably has a password that is:
[Dictionary attack on wimpy passphrases ]
With PGP 2.0 ... 4.0 secret keyring files, there's another attack. (I don't know if PGP 5.0 files have this problem or not.) You can't get the secret key itself from the password file without cracking the IDEA password (or algorithm), but the user-name is in cleartext. Joe Sixpack <jr6@aol.com> 0x98458509834295834098589... Joe Sixpack <purchasing@work.com> 0x34543905843f90853490545... Jane Doe #2 <janedoe2@nym.alias.net> 0x2d0e2d0e231415926535487... Lone Ranger <maskedman@dopedeal.com> 0x23dead5beef890832455345... TruthMunger <medusa@blacknet.gov> 0x27182818284590459024090... Arms Buyer <getguns@freeburma.org> 0x08908024308732049872390... If you've got pseudonyms as well as your real name, they show; you've got all the usual risks of traffic analysis, outing, etc. and your secret identity is toast. For most people, it's not a big risk, but if you really _do_ need to keep your pseudonym untraceable, this lets it leak out of your encrypted hard disk, which would be Bad. Publius
On Sat, 14 Jun 1997, Paul Bradley wrote:
It'd be nice to have more specifics about the whole situation, but regardless - any preliminary threat assessments? Exactly how widely exploited do you think this has been?
Tim's post (although refuted by Marc) raises some serious issues since I suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp
Some coherent input on the possible impact of this would be appreciated.
Basically the threat model is very simple:
Joe "slightly crypto-savvy pgp user" sixpack keeps his pgp keyring in c:\pgp on a dos/w95 box. The average user of any of the unices keeps his keyring in /usr/pgp or /usr/local/pgp it does not take a lot of attempts to go through most of the common places.
The very same guy probably has a password that is:
[snip]
Can you say "dictionary attack"???.
There is another, more insidious attack to worry about. Joe Cypherpunk has his PGP secret keyring in the "standard location". Joe Cypherpunk has also been posting to "Unpopular Usenet Group #666" (be it alt.religion.scientology or alt.clinton.fisting) using a nym(s) which have keys on the PGP keyring. All the perp has to do, once the secring.pgp is obtained is "pgp -kvv secring.pgp" and he now knows that Joe Cypherpunk and Secret Nym are the same person. This is a *BAD* thing. alano@teleport.com | "Those who are without history are doomed to retype it."
All the perp has to do, once the secring.pgp is obtained is "pgp -kvv secring.pgp" and he now knows that Joe Cypherpunk and Secret Nym are the same person.
Another reason for keeping physical security over keys, nym keys, if it is important enough that the nym stays unidentifiable, should be kept on a different secring.pgp, which should be kept physically secure on a disk and encrypted using some other key than your own real-name secret key (this is just a measure to prevent breaking one key revealing the nym). Datacomms Technologies data security Paul Bradley, Paul@fatmans.demon.co.uk Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: FC76DA85 "Don`t forget to mount a scratch monkey"
-----BEGIN PGP SIGNED MESSAGE----- Now that Netscape has included and made available a patch re: the "hole" specifically for its new Communicator, does anyone have any info if and when patches are going to be available for 3.x versions? I didn't see anything on their web page regarding 3.x versions except for the suggestion [old news] of enabling the security alert. -----BEGIN PGP SIGNATURE----- Version: 4.5 iQCVAgUBM6imPz5A4+Z4Wnt9AQH5lAP/ShJiYpfNJOoWWZh5dQA3EgLlV1KhN26D t6VXjS6MKaml42hHhSH4ezqXWpX/jMxLY5+clzxvi2CIo+p2ObB/S49d8hTV/0kd oKmWfCyJ+UA/3G1bfrmTZ4ZAcT3vRpsAJPHsBvo+WhAWiUgjF9PnX4Pv9zUeRGkY 22z61W65qZk= =Alhc -----END PGP SIGNATURE----- ********************************************************* Lynne L. Harrison, Esq. | "The key to life: Poughkeepsie, New York | - Get up; lharrison@mhv.net | - Survive; http://www.dueprocess.com | - Go to bed." ************************************************************ DISCLAIMER: I am not your attorney; you are not my client. Accordingly, the above is *NOT* legal advice.
Paul Bradley wrote:
Joe "slightly crypto-savvy pgp user" sixpack keeps his pgp keyring in c:\pgp on a dos/w95 box. The average user of any of the unices keeps his keyring in /usr/pgp or /usr/local/pgp it does not take a lot of attempts to go through most of the common places.
The very same guy probably has a password that is:
A. FRED (notice how close the letters are, this is a real dumb-ass password of the century)
B. His wifes name
C. Her birthday
D. The name of his favourite film or some character from it...
Can you say "dictionary attack"???.
Can you say "idiots have to pay"? - Igor.
participants (5)
-
Alan -
Bill Stewart -
ichudov@Algebra.COM -
Lynne L. Harrison -
Paul Bradley