Hello, everybody, (Please note that I sent this to several mailinglists at once. I am not subscribed to cypherpunks any longer, so I won't see any replies there.) I think I have realized a serious flaw in PGPs key-handling. This may lead to people using and signing bogus keys despite the usual security measures. The problem is that PGP fails to differentiate between two keys sharing the same 64-bit-Key-ID. It is not a real problem to generate a key with a given key-ID (just take a prime, invert the desired key-ID modulo this prime and look for another prime whose lower bits are the same as in the number you just calculated), so the following attack would be possible: - Get the real key you wish to mimic. - Generate a fake key with the correct IDs. - Send your bogus key to a person of which you know that - This person does not have the correct key yet. - This person is going to meet the correct key's owner. If the owner of the correct key does not give a fingerprint, but rather a disk with the correct key to the person you are trying to fool, his or her pgp won't ring alarm bells when reading the key (apart from possibly a failed signature), but rather will tell him the key is already there. He will then, most probably, sign the bogus key without any further thought. Therefore, you should *always* check the fingerprint, even if you got the real key, at least if it has no valid signature from its alleged owner. -- Christopher Creutzig # Im Samtfelde 19 # D-33098 Paderborn # V+49-5251-71873 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Sammele Vorschläge zur Rettung vom Genitiv.