Vulnerabiity in OpenPGP
March 22, 2001 10:43 AM   Subscribe

Vulnerabiity in OpenPGP You don't even need to crack the key, just get hold of it, modify a few bytes, and presto, sign away from other persona. The issue here is signing, not encrypting. The implications are evident when you think of internet voting, tax filing, etc., but it is still a victory for open cryptography, where peer review can find serious flaws.
posted by pecus (2 comments total)
TheReg has a response from NAI/Zimmerman about the flaw here. They (NAI, not TheReg) are downplaying this (obviously) but do make a valid point...if someone has access to your private key, then they have access to all kinds of other data as well. Your private key shouldn't be accessible, and that's been known since we started with PK crypto.
posted by ivey at 11:15 AM on March 22, 2001

Having access to your private key doesn't usually get a cryptographic attacker much of anywhere, because your private key is protected by your passphrase, and your passphrase (while short) is mathematically speaking "long enough" relative to the length of the key that it'd make it difficult to unlock the key without the passphrase. (Cracking the key is made more difficult by the fact that it's a collection of more or less random bits so there's no way to tell when you've got the correct one, short of repeatedly using it to try to decode an encrypted message which is known to fall within certain parameters -- such as ASCII-encoded -- which is extremely time-consuming.)

This hole is bad because it lets people figure out the private key without having the passphrase. However, since PGP apparently uses different keys for authentication and for encryption, only authentication (a useful but much less frequently employed part of PGP than encryption) is affected, which is a nice indication of the amount of hard thinking and intelligent design that went into PGP. I'm less worried about people pretending to be me than I am about them reading my mail, in any case. So on the face of it, maybe it doesn't really sound that bad after all.

But wait. The real danger is that, having successfully deduced one of your private keys, they are in a much better position to try to crack the whole thing because they know some of the contents of the key file.
posted by kindall at 5:17 PM on March 22, 2001

« Older It's going to get ugly   |   reboot? Newer »

This thread has been archived and is closed to new comments