NAI PGP open to ADK attack

Rich Wales richw at
Sun Aug 27 16:42:46 CEST 2000

John A. Martin wrote:

	> Why not all keys used, whether or not on the secret keyring?

This could actually be harder than it sounds.  As I understand it, the
decryption key's ID does not =have= to appear in an encrypted message
(and can explicitly be omitted via GnuPG's "--throw-keyid" option, for
instance).  In theory, a malicious or paranoid sender could purposely
omit the true key ID's and/or include bogus key ID's in a message.

Of course, the "unhashed ADK" bug doesn't involve a malicious sender,
so it's probably reasonable in this case to assume normal (albeit buggy)
behaviour of the sender's software.

My original point, in any case, was that a strategy for dealing with
things like the PGP ADK bug can't just involve getting all senders to
upgrade their software, but should also include checks at the receiving

BTW, I think my earlier claim that GnuPG users can be victimized by
messages encrypted by PGP 5/6 senders is not entirely correct, since
(AFAIK) current PGP's aren't equipped to use GnuPG's algorithms.  But
if PGP were to be upgraded in the future to be fully interoperable
with GnuPG, then PGP bugs could affect users of GnuPG.

Rich Wales         richw at
PGP 2.6+ key generated 2000-08-26; all previous encryption keys REVOKED.
RSA, 2048 bits, ID 0xFDF8FC65, print 2A67F410 0C740867 3EF13F41 528512FA

More information about the Gnupg-devel mailing list