Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
Steve Schear
schear at attbi.com
Sat Feb 8 20:50:41 PST 2003
[Apologies if this item was passed through the list. It was news to me.]
Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
K. Jallad, J. Katz, and B. Schneier
Information Security Conference 2002 Proceedings, Springer-Verlag, 2002, to
appear.
ABSTRACT: We recently noted that PGP and other e-mail encryption protocols
are, in theory, highly vulnerable to chosen-ciphertext attacks in which the
recipient of the e-mail acts as an unwitting "decryption oracle." We argued
further that such attacks are quite feasible and therefore represent a
serious concern. Here, we investigate these claims in more detail by
attempting to implement the suggested attacks. On one hand, we are able to
successfully implement the described attacks against PGP and GnuPG (two
widely-used software packages) in a number of different settings. On the
other hand, we show that the attacks largely fail when data is compressed
before encryption.
Interestingly, the attacks are unsuccessful for largely fortuitous reasons;
resistance to these attacks does not seem due to any conscious effort made
to prevent them. Based on our work, we discuss those instances in which
chosen-ciphertext attacks do indeed represent an important threat and hence
must be taken into account in order to maintain confidentiality. We also
recommend changes in the OpenPGP standard to reduce the effectiveness of
our attacks in these settings.
http://www.counterpane.com/pgp-attack.html
"Reality must take precedence over public relations, for nature cannot be
fooled."
-- Richard P. Feynman
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com