A coming attack on PGP, and a way to mitigate it
Daniel Franke
df at dfranke.us
Mon May 4 07:06:04 CEST 2009
David Shaw <dshaw at jabberwocky.com> writes:
> Drat, I made the same error. The nonce would have to be much earlier
> in the stream of bits being hashed to be useful. Ah well, it was too
> good to be true :)
It's a pity, really. We're foiled by what's almost certainly nothing
more than a thoughtless accident in the design of the protocol. Perhaps
this remains something to consider for the next protocol revision. I
can't think of any fundamental reason that PGP must necessarily be
exploitable by birthday attacks of any sort, although I'm talking
somewhat out of my depth in making this assertion.
>> Did you receive it but overlook it before writing this response, or
>> did it get dropped?
>
> Interesting. I never got it at all.
Curse you, Mallory -- I know you're reading this!
--
Daniel Franke df at dfranke.us http://www.dfranke.us
|----| =|\ \\\\
|| * | -|-\--------- Man is free at the instant he wants to be.
-----| =| \ /// --Voltaire
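As an added illustration of the point in the quoted reply (a nonce that enters the hash after the attacker-chosen data cannot break a collision found on the earlier bytes, whereas one absorbed first would), here is a toy Merkle-Damgard hash. It is constructed for this note and is not OpenPGP's hashing, GnuPG code, or anything from the original thread; the 16-bit state, the constants, the message length and the nonce values are all made up so that a collision can be found by brute force in a fraction of a second. The structural point it shows is the same for real iterated hashes: once two inputs reach the same internal state, any common suffix (the length padding included) keeps them colliding, while a different prefix changes the starting state and the collision is not expected to survive.

```python
"""Toy Merkle-Damgard hash (constructed example, not OpenPGP's hash or
signature format) showing why a nonce hashed *after* colliding data does
not help, while a nonce hashed *first* changes the starting state."""

import itertools

MASK = 0xFFFF
IV = 0x1234  # constructed initial chaining value


def compress(state: int, block: int) -> int:
    """Toy compression function: mixes one byte into a 16-bit state.

    For a fixed block it is a bijection on the state (xor, odd multiply,
    add, xorshift and rotate are all invertible), so two equal-length
    messages with equal digests must have equal internal states."""
    x = (state ^ ((block * 0x9E37) & MASK)) & MASK
    for _ in range(2):
        x = (x * 0x6B73 + 0x1F) & MASK
        x ^= x >> 7
        x = ((x << 5) | (x >> 11)) & MASK  # rotate left by 5
    return x


def md_hash(msg: bytes) -> int:
    """Merkle-Damgard iteration over 1-byte blocks, then a length block
    (Merkle-Damgard strengthening)."""
    state = IV
    for b in msg:
        state = compress(state, b)
    return compress(state, len(msg) & 0xFF)


def find_collision(length: int = 3) -> tuple:
    """Birthday-style search: return the first pair of distinct messages of
    the given length with equal digest.  With 2**24 three-byte messages and
    only 2**16 states, the pigeonhole principle guarantees one exists."""
    seen = {}
    for tup in itertools.product(range(256), repeat=length):
        m = bytes(tup)
        h = md_hash(m)
        if h in seen:
            return seen[h], m
        seen[h] = m
    raise RuntimeError("unreachable: pigeonhole guarantees a collision")


def suffix_preserves_collision(m1: bytes, m2: bytes, suffix: bytes) -> bool:
    """Nonce appended after the colliding data: the internal states are
    already equal, so the remaining blocks are processed identically."""
    return md_hash(m1 + suffix) == md_hash(m2 + suffix)


def prefix_preserves_collision(m1: bytes, m2: bytes, prefix: bytes) -> bool:
    """Nonce absorbed before the colliding data: the attacker's blocks now
    start from a state that was unknown when the collision was found."""
    return md_hash(prefix + m1) == md_hash(prefix + m2)


def surviving_prefix_count(m1: bytes, m2: bytes, nonces) -> int:
    """How many of the given prefix nonces leave the collision intact."""
    return sum(prefix_preserves_collision(m1, m2, n) for n in nonces)


if __name__ == "__main__":
    m1, m2 = find_collision()
    print("collision:", m1.hex(), m2.hex(), "digest", hex(md_hash(m1)))
    # constructed nonce values; the exact bytes are irrelevant
    for suffix in (b"", b"\x00", b"appended-nonce", bytes(range(64))):
        print("suffix", suffix[:8], "collision survives:",
              suffix_preserves_collision(m1, m2, suffix))
    nonces = [bytes([i, i ^ 0x5A]) for i in range(8)]
    print("prefix nonces that keep the collision:",
          surviving_prefix_count(m1, m2, nonces), "of", len(nonces))
```

Run it directly to see the collision pair, the appended suffixes that all keep the digests equal, and the count of prefix nonces (out of eight) that still do, which is expected to be zero or close to it. The compression function is deliberately a bijection on the state for a fixed block so that a digest collision between equal-length messages is the same thing as an internal-state collision, which is exactly the property that makes a trailing nonce useless.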