PGP flaw found by Czech firm allows dig sig to be forged

Phillip Hallam-Baker hallam at ai.mit.edu
Wed Mar 21 20:01:56 PST 2001


What the flaw says is that if I get write access to your private key 
I can cause you to reveal it.

Like interesting but not exactly gripping stuff. If I can write to your
private key you are probably !@@$(&**ed.

The report is incorrect in stating that PGP is the most popular email
security package; there are 100 million copies of S/MIME enabled
email applications in use.

	Phill

> -----Original Message-----
> From: owner-fight-censorship at vorlon.mit.edu
> [mailto:owner-fight-censorship at vorlon.mit.edu]On Behalf Of Declan
> McCullagh
> Sent: Wednesday, March 21, 2001 1:36 PM
> To: cypherpunks at cyberpass.net; cryptography at c2.net
> Cc: fight-censorship at vorlon.mit.edu
> Subject: PGP flaw found by Czech firm allows dig sig to be forged
> 
> 
> 
> 
> http://www.wired.com/news/politics/0,1283,42553,00.html
>    
>    Your E-Hancock Can Be Forged
>    by Declan McCullagh (declan at wired.com)
>    10:20 a.m. Mar. 21, 2001 PST
>    
>    WASHINGTON -- A Czech information security firm has found a flaw in
>    Pretty Good Privacy that permits digital signatures to be forged in
>    some situations.
>    
>    Phil Zimmermann, the PGP inventor who's now the director of the
>    OpenPGP Consortium, said on Wednesday that he and a Network
>    Associates (NETA) engineer verified that the vulnerability exists.
>    
>    ICZ, a Prague company with 450 employees, said that two of its
>    cryptologists unearthed a bug in the OpenPGP format that allows an
>    adversary who breaks into your computer to forge your e-mail
>    signature.
>    
>    Both Zimmermann and the Czech engineers, Vlastimil Klima and Tomas
>    Rosa, point out that the glitch does not affect messages encrypted
>    with PGP. OpenPGP programs -- including GNU Privacy Guard and newer
>    versions of PGP -- use different algorithms for signing and
>    scrambling, and only the digital signature method is at risk.
>    
>    PGP and its offspring are by far the most popular e-mail encryption
>    programs in the world. Nobody has disclosed a flaw in their
>    message-scrambling mechanisms, but PGP owner Network Associates
>    suffered an embarrassment last August when a German cryptanalyst
>    published a way that allows an attacker to hoodwink PGP into not
>    encoding secret information properly.
>    
>    In this case, someone wishing to impersonate you would need to gain
>    access to your secret key -- usually stored on a hard drive or a
>    floppy disk -- surreptitiously modify it, then obtain a message you
>    signed using the altered secret key. Once those steps are complete,
>    that person could then digitally sign messages using your name.
>    
>    "PGP or any program based on the OpenPGP format that does not have
>    any extra integrity check will not recognize such modification and
>    it will allow you to sign a message with the corrupted key," says
>    Rosa, who works at Decros, an ICZ company. Rosa says he demonstrated
>    the vulnerability with PGP 7.0.3.
> 
>    [...]
> 
> 
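
One form the "extra integrity check" mentioned in the article can take is a signer that verifies every signature against a separately held copy of the public key and withholds any that fail. The sketch below is an added example, not code from PGP, GnuPG or this thread; it assumes an RSA key stored in CRT form, and the toy key and all function names are constructed for illustration.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**61 - 1, 2**31 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def make_private_key():
    """Private components as a signer would load them from key storage."""
    return {"p": P, "q": Q, "dp": D % (P - 1), "dq": D % (Q - 1),
            "qinv": pow(Q, -1, P)}


def digest(message, n):
    # Toy encoding: SHA-256 reduced mod n (real OpenPGP uses a padded encoding).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def crt_sign(priv, m):
    """Plain RSA-CRT signing with no check on the stored components."""
    sp = pow(m, priv["dp"], priv["p"])
    sq = pow(m, priv["dq"], priv["q"])
    h = (priv["qinv"] * (sp - sq)) % priv["p"]
    return sq + priv["q"] * h


def checked_sign(priv, trusted_pub, message):
    """Sign, then verify against a public key held apart from the private key.

    A signature made with altered private components fails this check and is
    never released to the recipient.
    """
    n, e = trusted_pub
    m = digest(message, n)
    s = crt_sign(priv, m)
    if pow(s, e, n) != m:
        raise ValueError("self-verification failed; private key may be altered")
    return s


if __name__ == "__main__":
    key = make_private_key()
    print("intact key:", hex(checked_sign(key, (N, E), b"constructed message")))
    altered = dict(key, dq=key["dq"] ^ 1)  # simulate one changed stored value
    try:
        checked_sign(altered, (N, E), b"constructed message")
    except ValueError as err:
        print("altered key:", err)
```

The check only helps if the trusted public key comes from somewhere the party altering the private key file cannot also write to.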




