PGP flaw found by Czech firm allows dig sig to be forged
Phillip Hallam-Baker
hallam at ai.mit.edu
Wed Mar 21 20:01:56 PST 2001
What the flaw says is that if I get write access to your private key
I can cause you to reveal it.
Like interesting but not exactly gripping stuff. If I can write to your
private key you are probably !@@$(&**ed.
The report is incorrect in stating that PGP is the most popular email
security package; there are 100 million copies of S/MIME enabled
email applications in use.
Phill
> -----Original Message-----
> From: owner-fight-censorship at vorlon.mit.edu
> [mailto:owner-fight-censorship at vorlon.mit.edu]On Behalf Of Declan
> McCullagh
> Sent: Wednesday, March 21, 2001 1:36 PM
> To: cypherpunks at cyberpass.net; cryptography at c2.net
> Cc: fight-censorship at vorlon.mit.edu
> Subject: PGP flaw found by Czech firm allows dig sig to be forged
>
> http://www.wired.com/news/politics/0,1283,42553,00.html
>
> Your E-Hancock Can Be Forged
> by Declan McCullagh (declan at wired.com)
> 10:20 a.m. Mar. 21, 2001 PST
>
> WASHINGTON -- A Czech information security firm has found a flaw in
> Pretty Good Privacy that permits digital signatures to be forged in
> some situations.
>
> Phil Zimmermann, the PGP inventor who's now the director of the
> OpenPGP Consortium, said on Wednesday that he and a Network Associates
> (NETA) engineer verified that the vulnerability exists.
>
> ICZ, a Prague company with 450 employees, said that two of its
> cryptologists unearthed a bug in the OpenPGP format that allows an
> adversary who breaks into your computer to forge your e-mail
> signature.
>
> Both Zimmermann and the Czech engineers, Vlastimil Klima and Tomas
> Rosa, point out that the glitch does not affect messages encrypted
> with PGP. OpenPGP programs -- including GNU Privacy Guard and newer
> versions of PGP -- use different algorithms for signing and
> scrambling, and only the digital signature method is at risk.
>
> PGP and its offspring are by far the most popular e-mail encryption
> programs in the world. Nobody has disclosed a flaw in their
> message-scrambling mechanisms, but PGP owner Network Associates
> suffered an embarrassment last August when a German cryptanalyst
> published a way that allows an attacker to hoodwink PGP into not
> encoding secret information properly.
>
> In this case, someone wishing to impersonate you would need to gain
> access to your secret key -- usually stored on a hard drive or a
> floppy disk -- surreptitiously modify it, then obtain a message you
> signed using the altered secret key. Once those steps are complete,
> that person could then digitally sign messages using your name.
>
> "PGP or any program based on the OpenPGP format that does not have any
> extra integrity check will not recognize such modification and it will
> allow you to sign a message with the corrupted key," says Rosa, who
> works at Decros, an ICZ company. Rosa says he demonstrated the
> vulnerability with PGP 7.0.3.
>
> [...]
>
>
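The "extra integrity check" Rosa mentions in the quoted article, sketched as an added example that is not part of the original post or of any PGP/OpenPGP implementation: a toy signer that checks the stored private fields against the public key and verifies every signature before releasing it. The choice of RSA-CRT, the key layout, all function names and the key values are assumptions made for illustration.

```python
# Added example, not PGP/GnuPG code. Toy RSA-CRT signer with two integrity checks.
import hashlib
from math import gcd

def make_key(p, q, e=65537):
    """Build a key record from two primes (constructed demo values)."""
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    d = pow(e, -1, lam)
    return {"n": p * q, "e": e, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p)}

def key_is_consistent(k):
    """True only if the stored private fields agree with the public (n, e)."""
    p, q = k["p"], k["q"]
    return (p > 2 and q > 2 and p * q == k["n"]
            and (k["e"] * k["dp"]) % (p - 1) == 1
            and (k["e"] * k["dq"]) % (q - 1) == 1
            and (k["qinv"] * q) % p == 1)

def digest_int(msg, n):
    """SHA-256 of msg reduced mod n (no padding: demo only, not a real scheme)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def verify(k, msg, s):
    """Public-key check: s^e mod n must equal the message digest."""
    return pow(s, k["e"], k["n"]) == digest_int(msg, k["n"])

def sign_checked(k, msg, check_key=True):
    """Sign msg; refuse if the key record or the resulting signature is bad."""
    if check_key and not key_is_consistent(k):
        raise ValueError("private key fields do not match the public key")
    m = digest_int(msg, k["n"])
    sp, sq = pow(m, k["dp"], k["p"]), pow(m, k["dq"], k["q"])
    s = sq + k["q"] * ((k["qinv"] * (sp - sq)) % k["p"])  # CRT recombination
    # Verify with the public exponent before the signature leaves the process.
    if not verify(k, msg, s):
        raise ValueError("signature failed self-verification; not released")
    return s

KEY = make_key(2**61 - 1, 2**89 - 1)      # constructed toy key, far too small for real use
TAMPERED = dict(KEY, dp=KEY["dp"] ^ 1)    # constructed: one stored private field altered

if __name__ == "__main__":
    print("good key signs:", verify(KEY, b"hello", sign_checked(KEY, b"hello")))
    for check_key in (True, False):
        try:
            sign_checked(TAMPERED, b"hello", check_key=check_key)
        except ValueError as err:
            print("tampered key refused:", err)
```

The public values `n` and `e` used for both checks are assumed to come from a copy the attacker could not also alter, such as the published public key.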