on communication - gpg's el gamal and debian's openssl

Georgi Guninski guninski at guninski.com
Wed Sep 21 00:56:44 PDT 2016


On Tue, Sep 20, 2016 at 05:57:59PM -0400, Steve Kinney wrote:
> > search the interwebz for references.
> 
> TL;DR
>

Here are some links of the more important screwups IMHO.

Suspect zero or more of (spec) backdoors, social engineering, gross
incompetence:

https://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000160.html
gpg
GnuPG's ElGamal signing keys compromised 
Thu Nov 27 09:29:51 CET 2003


https://www.debian.org/security/2008/dsa-1571
13 May 2008
Debian
It is strongly recommended that all cryptographic key material 
which has been generated by OpenSSL versions starting with 0.9.8c-1
on Debian systems is recreated from scratch. Furthermore, all DSA
keys ever used on affected Debian systems for signing or 
authentication purposes should be considered compromised; 
the Digital Signature Algorithm relies on a secret random value used during signature generation.

[1] http://seclists.org/fulldisclosure/2011/Sep/221
Thu, 22 Sep 2011
Ubuntu
Importing trusted apt gpg keys uses "--list-sigs", which doesn't
check the signatures. Also trivial keyid collisions.


https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128
2012-06-14
Ubuntu
Trivial import of trusted apt gpg keys via easy collision of the
long keyid (probably spec backdoor). Circumvents the pseudo fix for
[1].

https://lwn.net/Articles/22991/
(not crypto), Debian, micq
February 18, 2003
Mr. Kuhlmann decided that enough was enough, and he was going to take 
some action. As of mICQ 0.4.10.1, the code will, when built for the Debian 
distribution, print out a message which says some unflattering things about 
Mr. Loschwitz and encourages use of a different version; the program then exits. 
In other words, when built for Debian, mICQ thumbs its nose at the user and 
refuses to run. To help ensure that this code got into the official Debian version, 
it was written in an obfuscated manner, set to trigger only after February 11, and 
only if it was not being run by Mr. Loschwitz. For the curious, here is a posting 
containing the code in question. 
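
The two Ubuntu apt items above concern trusting a key because its key ID matches. As an added example (not part of the original post and not apt's own code), this Python code audits a keyring listing in gpg's colon-delimited output format against pinned full fingerprints and flags keys that only share a pinned long key ID. All fingerprints, the sample listing and the function names are constructed for illustration.

```python
# Added example. Every fingerprint below is a constructed placeholder.
LONG_ID = "0123456789ABCDEF"
PINNED_FPR = "A" * 24 + LONG_ID        # the key the admin means to trust
IMPOSTOR_FPR = "B" * 24 + LONG_ID      # different key, same long key ID
OTHER_FPR = "C" * 24 + "FEDCBA9876543210"

# Constructed keyring listing in gpg's colon-delimited format.
SAMPLE_LISTING = "\n".join(
    f"pub:-:4096:1:{fpr[-16:]}:1336694400:::-:::scSC:\n"
    f"fpr:::::::::{fpr}:\n"
    f"sub:-:4096:1:1111111111111111:1336694400::::::e:\n"
    f"fpr:::::::::{'D' * 40}:"
    for fpr in (PINNED_FPR, IMPOSTOR_FPR, OTHER_FPR)
)


def primary_fingerprints(listing):
    """Return the fingerprint of each primary key (fpr record after pub)."""
    found, after_pub = [], False
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            after_pub = fields[0] == "pub"
        elif fields[0] == "fpr" and after_pub and len(fields) > 9:
            found.append(fields[9].upper())
            after_pub = False
    return found


def key_id(fingerprint, bits):
    """A v4 key ID is the low 32 or 64 bits of the 160-bit fingerprint."""
    return fingerprint[-(bits // 4):]


def match_by_long_key_id(listing, long_id):
    """Weak check: every key whose 64-bit key ID equals long_id."""
    return [f for f in primary_fingerprints(listing) if key_id(f, 64) == long_id]


def audit(listing, pinned):
    """Classify keys against pinned full fingerprints."""
    pinned = {p.upper() for p in pinned}
    pinned_ids = {key_id(p, 64) for p in pinned}
    report = {"trusted": [], "keyid_collision": [], "unknown": []}
    for fpr in primary_fingerprints(listing):
        if fpr in pinned:
            report["trusted"].append(fpr)
        elif key_id(fpr, 64) in pinned_ids:
            report["keyid_collision"].append(fpr)
        else:
            report["unknown"].append(fpr)
    return report
```

The key-ID match accepts both the pinned key and the impostor, while the fingerprint audit trusts only the pinned key and reports the other as a collision.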

 


