openpgp bug

Evan Prodromou
Thu Mar 22 03:19:02 2001

Hash: SHA1

>>>>> "KP" == Karol Pietrzak <> writes:
KP> hello. i've recently come across this article: KP> that describes an openpgp KP> bug (involves secret key). the article states that pgp 7.0.3 KP> and gnupg are affected. however, i have not seen this printed KP> anywhere else. can someone please verify this? I can verify that the article does NOT say that GNUPG is affected by the sploit. It says that GNUPG uses the OpenPGP format, which is true. If you read the article, the sploit appears to be this: alter Alice's secret keyring file. Then, capture a signature made by Alice's secret key. The fudged signature can be used to determine her key. It sounds to me like a failure of the secret keyring file format and not of OpenPGP per se. ~ESP - -- Evan Prodromou -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) iD8DBQE6uWExozwefHAKBVERAmerAKDPe8IMt+4lzdSwnfUaPC/61/LhuACeNke2 7nwspThA4RGquSmXnij8Swk= =LVHE -----END PGP SIGNATURE-----