PGP flaw found by Czech firm allows dig sig to be forged
Declan McCullagh
declan at well.com
Wed Mar 21 10:35:51 PST 2001
http://www.wired.com/news/politics/0,1283,42553,00.html
Your E-Hancock Can Be Forged
by Declan McCullagh (declan at wired.com)
10:20 a.m. Mar. 21, 2001 PST
WASHINGTON -- A Czech information security firm has found a flaw in
Pretty Good Privacy that permits digital signatures to be forged in
some situations.
Phil Zimmermann, the PGP inventor who's now the director of the
OpenPGP Consortium, said on Wednesday that he and a Network Associates
(NETA) engineer verified that the vulnerability exists.
ICZ, a Prague company with 450 employees, said that two of its
cryptologists unearthed a bug in the OpenPGP format that allows an
adversary who breaks into your computer to forge your e-mail
signature.
Both Zimmermann and the Czech engineers, Vlastimil Klima and Tomas
Rosa, point out that the glitch does not affect messages encrypted
with PGP. OpenPGP programs -- including GNU Privacy Guard and newer
versions of PGP -- use different algorithms for signing and
scrambling, and only the digital signature method is at risk.
PGP and its offspring are by far the most popular e-mail encryption
programs in the world. Nobody has disclosed a flaw in their
message-scrambling mechanisms, but PGP owner Network Associates
suffered an embarrassment last August when a German cryptanalyst
published a way that allows an attacker to hoodwink PGP into not
encoding secret information properly.
In this case, someone wishing to impersonate you would need to gain
access to your secret key -- usually stored on a hard drive or a
floppy disk -- surreptitiously modify it, then obtain a message you
signed using the altered secret key. Once those steps are complete,
that person could then digitally sign messages using your name.
"PGP or any program based on the OpenPGP format that does not have any
extra integrity check will not recognize such modification and it will
allow you to sign a message with the corrupted key," says Rosa, who
works at Decros, an ICZ company. Rosa says he demonstrated the
vulnerability with PGP 7.0.3.
[...]
More information about the Testlist
mailing list