PGP flaw found by Czech firm allows dig sig to be forged

aluger at hushmail.com
Thu Mar 22 14:58:21 PST 2001


At Wed, 21 Mar 2001 23:01:56 -0500, "Phillip Hallam-Baker" <hallam at ai.mit.edu> wrote:

>
>The report is incorrect in stating that PGP is the most popular email
>security package; there are 100 million copies of S/MIME enabled
>email applications in use.

And how many of those "in use" applications actually USE the S/MIME feature?
I love the creative accounting practice that makes this argument.



>
>	Phill
>
>> -----Original Message-----
>> From: owner-fight-censorship at vorlon.mit.edu
>> [mailto:owner-fight-censorship at vorlon.mit.edu]On Behalf Of Declan
>> McCullagh
>> Sent: Wednesday, March 21, 2001 1:36 PM
>> To: cypherpunks at cyberpass.net; cryptography at c2.net
>> Cc: fight-censorship at vorlon.mit.edu
>> Subject: PGP flaw found by Czech firm allows dig sig to be forged
>>
>> http://www.wired.com/news/politics/0,1283,42553,00.html
>>    
>>    Your E-Hancock Can Be Forged
>>    by Declan McCullagh (declan at wired.com)
>>    10:20 a.m. Mar. 21, 2001 PST
>>    
>>    WASHINGTON -- A Czech information security firm has found a flaw in
>>    Pretty Good Privacy that permits digital signatures to be forged in
>>    some situations.
>>    
>>    Phil Zimmermann, the PGP inventor who's now the director of the
>>    OpenPGP Consortium, said on Wednesday that he and a Network Associates
>>    (NETA) engineer verified that the vulnerability exists.
>>    
>>    ICZ, a Prague company with 450 employees, said that two of its
>>    cryptologists unearthed a bug in the OpenPGP format that allows an
>>    adversary who breaks into your computer to forge your e-mail
>>    signature.
>>    
>>    Both Zimmermann and the Czech engineers, Vlastimil Klima and Tomas
>>    Rosa, point out that the glitch does not affect messages encrypted
>>    with PGP. OpenPGP programs -- including GNU Privacy Guard and newer
>>    versions of PGP -- use different algorithms for signing and
>>    scrambling, and only the digital signature method is at risk.
>>    
>>    PGP and its offspring are by far the most popular e-mail encryption
>>    programs in the world. Nobody has disclosed a flaw in their
>>    message-scrambling mechanisms, but PGP owner Network Associates
>>    suffered an embarrassment last August when a German cryptanalyst
>>    published a way that allows an attacker to hoodwink PGP into not
>>    encoding secret information properly.
>>    
>>    In this case, someone wishing to impersonate you would need to gain
>>    access to your secret key -- usually stored on a hard drive or a
>>    floppy disk -- surreptitiously modify it, then obtain a message you
>>    signed using the altered secret key. Once those steps are complete,
>>    that person could then digitally sign messages using your name.
>>    
>>    "PGP or any program based on the OpenPGP format that does not have any
>>    extra integrity check will not recognize such modification and it will
>>    allow you to sign a message with the corrupted key," says Rosa, who
>>    works at Decros, an ICZ company. Rosa says he demonstrated the
>>    vulnerability with PGP 7.0.3.
>> 
>>    [...]
>