Bugtraq mailing list archives
Re: Yes, they have found a serious PGP vulnerability...sort of
From: Florian Weimer <Florian.Weimer () RUS UNI-STUTTGART DE>
Date: Thu, 22 Mar 2001 20:24:51 +0100
Pavel Kankovsky <peak () argo troja mff cuni cz> writes:
Yes...for DSA keys, the modification of unencrypted public parameters is sufficient to carry out the attack (and this means the simple defence I proposed would not work). For RSA keys, esp. for version 4 of the format, they have to modify the encrypted information as well, exploiting weaknesses in the encryption to localize the effect of their changes. It is not as trivial as the DSA case but some implementations of RSA signatures (those not checking the keys thoroughly enough) may be vulnerable as well.
Yes, that's right. Unfortunately I missed these attacks, and an unpatched GnuPG is vulnerable to them. Sorry about the confusion.

I've written a patch which addresses the problem:

http://cert.uni-stuttgart.de/files/fw/gnupg-klima-rosa.diff
http://cert.uni-stuttgart.de/files/fw/gnupg-klima-rosa.diff.asc

It introduces additional consistency checks, as suggested by the authors of the paper. The checks are slightly different, but they make the two additional attacks infeasible, I think.

In the future, it might be a good idea to add a check of the generated signature for validity; this will detect bugs in the MPI implementation which could result in a revealed secret key, too.

(BTW: Werner Koch, the GnuPG maintainer, is currently not very well-connected to the Net, so please do not bombard him with e-mail.)

--
Florian Weimer  Florian.Weimer () RUS Uni-Stuttgart DE
University of Stuttgart  http://cert.uni-stuttgart.de/
RUS-CERT  +49-711-685-5973/fax +49-711-685-5898
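The two defences discussed in this message, consistency checks on the stored key and verifying a freshly generated signature before it is released, sketched for RSA as an added example (it is not taken from the linked patch or from GnuPG). The toy key built from two Mersenne primes, the unpadded hash and all function names are assumptions made for the illustration.

```python
import hashlib

# Constructed toy key from two Mersenne primes; far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537

def make_key():
    d = pow(E, -1, (P - 1) * (Q - 1))          # needs Python 3.8+
    return {"n": P * Q, "e": E, "d": d, "p": P, "q": Q, "u": pow(P, -1, Q)}

def digest(msg, n):
    # Bare hash reduced mod n: no padding scheme, illustration only.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def key_is_consistent(k):
    """Cross-check the stored secret fields against the public part (n, e)."""
    return (k["p"] * k["q"] == k["n"]
            and k["u"] * k["p"] % k["q"] == 1
            and k["e"] * k["d"] % (k["p"] - 1) == 1
            and k["e"] * k["d"] % (k["q"] - 1) == 1)

def sign_crt(k, msg):
    """RSA-CRT signing (Garner recombination) using the stored secret fields."""
    m = digest(msg, k["n"])
    sp = pow(m, k["d"] % (k["p"] - 1), k["p"])
    sq = pow(m, k["d"] % (k["q"] - 1), k["q"])
    return sp + k["p"] * ((sq - sp) * k["u"] % k["q"])

def verify(k, msg, sig):
    return pow(sig, k["e"], k["n"]) == digest(msg, k["n"])

def checked_sign(k, msg):
    """Release a signature only if it verifies under the public key."""
    sig = sign_crt(k, msg)
    if not verify(k, msg, sig):
        raise ValueError("signature failed self-check; not released")
    return sig

if __name__ == "__main__":
    key, msg = make_key(), b"constructed test message"
    print(key_is_consistent(key), verify(key, msg, checked_sign(key, msg)))
    # One altered stored field stands in for tampering or an arithmetic bug.
    bad = dict(key, u=key["u"] ^ 1)
    print(key_is_consistent(bad))
    try:
        checked_sign(bad, msg)
    except ValueError as err:
        print("blocked:", err)
```

The consistency check rejects the altered key before any signing happens; the self-check is the backstop that also catches faults arising during the computation itself.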