Problems with private keyring?

Arno Wagner wagner at tik.ee.ethz.ch
Thu Mar 22 16:52:03 CET 2001


There is now a PPT presentation on the page. From this I conclude
that the method used is to weaken the secret key (DSA) by making
the underlying field used for computation simpler in structure.
A sample signature can then be used to determine the key (which stays
unchanged). It seems to me that the signature will not be valid,
as the public key still contains the original finite field.
For RSA it seem that they can somehow make the signature made with
a changed secret key leak out key material. This is seemingly due
to the CFB mode used. I am not sure whether this can be detected 
in verifying a signature (faulty signature like for the DSA case).

I am a little rusty on the mathematics, but the implication seems
clear: If somebody has write access to your secret key file, they
can probably capture your secret key. 

However as Werner Koch pointed out this is comparable to an 
attack that replaces the GunPG binary with a trojan horse.
If you have installed the binary under your user id, the 
trojan horse is an even more simple attack. If it was installed
as root it depends. I would say hacking an individual user
with good password is not significantly easier than hacking 
root. In fact I would expect that the usual way is a root compromise, 
then followed by user compromises. 

I also seem to remember that the GnuPG/PGP documentation explicitely
advises not to give secret key files away and to store them on a
read-only floppy in security critical applications. This procedure
would completely prevent the new attacks.

So IMO this new attack is interessting, something should be done,
but any form of panic is inappropriate. The level of security
of GnuPG has probably not been lowerd significantly, if at all.

Regards,
Arno Wagner

-- 
Arno Wagner     Dipl. Inform.      ETH Zuerich      wagner at tik.ee.ethz.ch
GnuPG: ID: F0C049F1  FP: 8C E0 6F A5 CC B1 5A 11  ED C7 AD D2 05 5E BB 6F
"What I saw in the Xerox PARC technology was the caveman interface, you point
 and you grunt. A massive winding down, regressing away from language, in
 order to address the technological nervousness of the user. Users wanted to
 be infantilized, to return to a pre-linguistic condition in the using of
 computers, and the Xerox PARC technology's primary advantage was that it
 allowed users to address computers in a pre-linguistic way. This was to my
 mind a terribly socially retrograde thing to do, and I have not changed my
 mind about that." Eben Moglen (http://old.law.columbia.edu for more by E.M.) 




More information about the Gnupg-devel mailing list