NAI PGP open to ADK attack

Rich Wales richw at webcom.com
Sun Aug 27 16:42:46 CEST 2000


John A. Martin wrote:

	> Why not all keys used, whether or not on the secret keyring?

This could actually be harder than it sounds.  As I understand it, the
decryption key's ID does not =have= to appear in an encrypted message
(and can explicitly be omitted via GnuPG's "--throw-keyid" option, for
instance).  In theory, a malicious or paranoid sender could purposely
omit the true key IDs and/or include bogus key IDs in a message.

Of course, the "unhashed ADK" bug doesn't involve a malicious sender,
so it's probably reasonable in this case to assume normal (albeit buggy)
behaviour of the sender's software.

My original point, in any case, was that a strategy for dealing with
things like the PGP ADK bug can't just involve getting all senders to
upgrade their software, but should also include checks at the receiving
end.

BTW, I think my earlier claim that GnuPG users can be victimized by
messages encrypted by PGP 5/6 senders is not entirely correct, since
(AFAIK) current versions of PGP aren't equipped to use GnuPG's algorithms.  But
if PGP were to be upgraded in the future to be fully interoperable
with GnuPG, then PGP bugs could affect users of GnuPG.

Rich Wales         richw at webcom.com         http://www.webcom.com/richw/
PGP 2.6+ key generated 2000-08-26; all previous encryption keys REVOKED.
RSA, 2048 bits, ID 0xFDF8FC65, print 2A67F410 0C740867 3EF13F41 528512FA
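The receiving-end check the post argues for, as an added illustration (this is not code from the post, from GnuPG or from NAI): it parses the Public-Key Encrypted Session Key packets at the front of an OpenPGP message and reports every key ID the sender encrypted to, so a recipient can spot a message that was also encrypted to a key they never asked for. It also shows the caveat raised above: an all-zero "wildcard" key ID (what --throw-keyid produces) tells the recipient nothing. The message bytes, key IDs and MPI values below are constructed for the example, not real ciphertext; a real check would compare against the recipient's own keyring.

```python
"""Receiving-end recipient check for an OpenPGP message (illustrative).

Walks the packet stream (RFC 4880 section 4.2, old- and new-format
headers) and reads the 8-byte key ID out of every Public-Key Encrypted
Session Key packet (tag 1, section 5.1).  Partial body lengths and the
old-format "indeterminate" length are deliberately not handled.
"""
import struct

WILDCARD_KEY_ID = bytes(8)  # all-zero ID, emitted by GnuPG's --throw-keyid


def _new_format_length(data, i):
    """Return (body length, number of length octets) for a new-format header."""
    first = data[i]
    if first < 192:
        return first, 1
    if first < 224:
        return ((first - 192) << 8) + data[i + 1] + 192, 2
    if first == 255:
        return struct.unpack(">I", data[i + 1:i + 5])[0], 5
    raise ValueError("partial body lengths are not supported here")


def parse_packets(data):
    """Yield (tag, body) for each packet in a raw (binary, unarmored) stream."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError(f"bad packet tag byte at offset {i}")
        if ctb & 0x40:  # new-format header: 0b11TTTTTT
            tag = ctb & 0x3F
            length, lsize = _new_format_length(data, i + 1)
        else:           # old-format header: 0b10TTTTLL
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not supported here")
            lsize = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i + 1:i + 1 + lsize], "big")
        hdr = 1 + lsize
        body = data[i + hdr:i + hdr + length]
        if len(body) != length:
            raise ValueError(f"truncated packet at offset {i}")
        yield tag, body
        i += hdr + length


def pkesk_key_ids(message):
    """Return the 8-byte key ID named by every PKESK packet, in order."""
    ids = []
    for tag, body in parse_packets(message):
        if tag == 1:
            if body[0] != 3:
                raise ValueError("only version 3 PKESK packets are handled")
            ids.append(body[1:9])  # version octet, then the key ID
    return ids


def classify_recipients(message, my_key_ids):
    """Label each recipient ID as 'mine', 'unexpected' or 'hidden' (wildcard)."""
    mine = {k.lower() for k in my_key_ids}
    report = []
    for kid in pkesk_key_ids(message):
        if kid == WILDCARD_KEY_ID:
            report.append(("(hidden)", "hidden"))
        elif kid.hex() in mine:
            report.append((kid.hex().upper(), "mine"))
        else:
            report.append((kid.hex().upper(), "unexpected"))
    return report


# --- constructed sample message (not real ciphertext) -----------------------
def _mpi(value):
    """Encode bytes as an OpenPGP MPI: 2-octet bit count, then the value."""
    bits = int.from_bytes(value, "big").bit_length()
    return struct.pack(">H", bits) + value


def _pkesk(key_id, old_format=False):
    """Build a v3 PKESK packet: version, key ID, RSA (alg 1), one dummy MPI."""
    body = b"\x03" + key_id + b"\x01" + _mpi(b"\xab\xcd")
    if old_format:  # what PGP 2.6-era software emits
        return bytes([0x80 | (1 << 2) | 0, len(body)]) + body
    return bytes([0xC0 | 1, len(body)]) + body


MY_KEY_ID = bytes.fromhex("0123456789ABCDEF")     # constructed recipient ID
OTHER_KEY_ID = bytes.fromhex("FEDCBA9876543210")  # constructed, not in my keyring

SAMPLE_MESSAGE = (
    _pkesk(MY_KEY_ID, old_format=True)
    + _pkesk(OTHER_KEY_ID)
    + _pkesk(WILDCARD_KEY_ID)
    + bytes([0xC0 | 18, 11]) + b"\x01" + b"\x00" * 10  # dummy SEIPD packet body
)

if __name__ == "__main__":
    for key_id, status in classify_recipients(SAMPLE_MESSAGE, ["0123456789abcdef"]):
        print(f"{key_id:18} {status}")
```

Only "unexpected" entries are actionable; a "hidden" entry is exactly the case the post describes, where the message carries no usable key ID and the receiving end cannot tell who else can read it.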



More information about the Gnupg-devel mailing list