Kuro5hin.org: technology and culture, from the trenches

Newly discovered PGP vulnerability

By 87C751 in News
Wed Sep 05, 2001 at 01:51:14 PM EST
Tags: Security (all tags)

The folks at PGP have announced a newly discovered vulnerability in the PGP SDK.

The SDK is the underlying engine used by the various tools in the PGP suite. This vulnerability affects the display of certain trust information about a key with multiple IDs, which can lead a user to believe a valid signature was generated by an invalid ID. PGP says this only affects the user interface display of signature information, and that inspecting the key when importing it will clearly show that the primary ID is unsigned. While not as bad as the general unhashed ID packet problem, it does lend itself to some social engineering attacks.

More on the unhashed packet problem:

Last year, a major problem with the construction of the PGP public key packet was discovered. This CIAC advisory describes the ADK attack, where a malicious party could add an Additional Decryption Key to an arbitrary Public Key. The PGPKeys application doesn't display the presence of ADKs by default, so a user who encrypts to a compromised key would also be encrypting to the attacker, perhaps without knowing.

Ralf Senderek published a paper on the ADK exploit, which provides some detail on the underlying mechanism. Some people expressed the opinion that the bug was a design decision made to facilitate exactly this attack.

It's not known at this time if Gnu Privacy Guard is vulnerable to this new problem. Both problems are noticed easily by astute PGP users, but pose threats to the less sophisticated user.



Newly discovered PGP vulnerability | 4 comments (2 topical, 2 editorial, 0 hidden)
Should you trust any 7.x.x version? (2.50 / 2) (#2)
by jbridges on Wed Sep 05, 2001 at 11:55:10 AM EST

After seeing the notice about this new hotfix for PGP 7.x.x, I went hunting on GoogleGroups for discussion about these sorts of hotfixes.

I found this particularly worrying message about the status of all 7.x.x versions of PGP (posted by Anonymous):

Usenet Message

31 Jul 2001 in <tmd5t19ofh7713@corp.supernews.com> nothing@nothing.net wrote:
> In article <bTl97.6401$sf2.1765584@news3.rdc1.on.home.com>, "Floppy" <floppy@canada.com> wrote:
> >i've read that some people are refusing to use it because of security
> >concerns ( no source ) and on principle ( no source ).
> You are correct that many people are. And again, these are valid concerns.
> This also appears to be a major reason for Phil Zimmermann leaving NAI, but
> even he uses 7.0.3,

Dare to confirm ?

PRZ is not using PGP v7.0.3, except for some not important PR times.
How do you know, that PRZ PGP v7.0.3 is the same that is available for download ?
How do you know, that PRZ PGP v7.0.3 is not compiled by him from other source code ?
How do you know, that NAI signed executables are the same that PRZ had access to at
source code level ?

PRZ didn't Sig the PGP v7.0.3, then why do you must trust what he did say ?

Shouldn't PRZ put his hand where his mouth is ?
I think, he should, when he is so sure about his opinions. But he didn't,
and that counts, at least for PGP v7.0.3

> and he gives his personal assurance that it has no
> backdoor.

Back door is one thing, secure application is another thing.
Back door presents or not, is only one part of bigger security issue.

> In the end, you have to rely on who you trust - as important as the
> source code release is, it does not guarantee the absence of a backdoor

Source code release will warrantee that back door may be find.

> - I can think of no one in this who is more trustworthy than PZ.

PRZ didn't program PGP v7.0.3
PRZ didn't test PGP v7.0.3
PRZ did philosophically oversees PGP, like appointed governor will do,
but he didn't physically sink in all that details, about 10 MB of code !!!

Will not affect GnuPG (4.50 / 4) (#4)
by BlckKnght on Wed Sep 05, 2001 at 03:56:14 PM EST

This vulnerability does not affect GnuPG. It's mostly a UI bug in PGP, not a real cryptography bug. It uses two different, but both reasonable, methods of displaying trust values of a key (something that's not strictly meaningful, as trust really belongs to user IDs). The trouble is that it mixes them in the GUI in a way that may be misleading.

GnuPG assigns trust to keys, by assuming any key with a trusted UID is trusted (this is one of the two ways PGP does it). It is consistent in this assumption, so there is no misleading output. It also mentions all UIDs in a key always, so that an attempted exploit would be pretty obvious.

I even tested the vulnerability by making three keys and following the steps in the exploit description. GnuPG did verify the faked message but displayed the trusted UID before the fake one:

gpg: Signature made Wed 05 Sep 2001 03:03:24 PM CDT using DSA key ID 6E46A431
gpg: Good signature from "Edward <edward@foo.com>"
gpg: aka "Alice <alice@foo.com>"

This is the right answer, as the message really was from Edward (who would have been called Eve, if GnuPG allowed names with fewer than 5 characters).

Error: .signature: No such file or directory
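The story and the comment above both turn on a key that carries several user IDs of which only some are validated. As an added example (not part of the original story or comments, and not PGP's or GnuPG's own code), the following check reads a machine-readable key listing and reports such keys, naming which IDs are validated and which are not. It assumes the field layout of GnuPG's `--with-colons` key listing as produced by GnuPG 2.1 or later; the function names and the sample listing are constructed for illustration.

```python
import re

# Validity letters gpg prints in field 2: marginal, full, ultimate count as valid.
VALID = {"m", "f", "u"}

# Constructed listing (not real key material): key 1 has an unvalidated
# primary user ID and a fully valid second one; key 2 has a single valid ID.
SAMPLE = """\
pub:f:1024:17:1111111111111111:999673404:::-:::scESC:
uid:-::::999673404::0000000000000000000000000000000000000001::Alice <alice@foo.com>:
uid:f::::999673404::0000000000000000000000000000000000000002::Edward <edward@foo.com>:
sub:f:2048:16:2222222222222222:999673404::::::e:
pub:f:1024:17:3333333333333333:999673404:::-:::scESC:
uid:f::::999673404::0000000000000000000000000000000000000003::Bob <bob@foo.com>:
"""

def unescape(field):
    # gpg writes ':' and other special bytes in user IDs as \xNN
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)

def mixed_validity_keys(listing):
    """Report keys whose user IDs are not all equally validated."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 4:
            keys.append({"keyid": f[4], "valid": [], "unvalidated": []})
        elif f[0] == "uid" and len(f) > 9 and keys:
            bucket = "valid" if f[1] in VALID else "unvalidated"
            keys[-1][bucket].append(unescape(f[9]))
            # Assumption: the first uid record after pub is the primary user ID.
            keys[-1].setdefault("primary_valid", f[1] in VALID)
    return [k for k in keys if k["valid"] and k["unvalidated"]]

if __name__ == "__main__":
    # Real input would come from: gpg --list-keys --with-colons
    for k in mixed_validity_keys(SAMPLE):
        print(k["keyid"], "primary validated:", k["primary_valid"])
        for uid in k["valid"]:
            print("  validated:  ", uid)
        for uid in k["unvalidated"]:
            print("  UNVALIDATED:", uid)
```
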
