openpgp bug
Evan Prodromou
evan@prodromou.san-francisco.ca.us
Thu Mar 22 08:46:04 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "LS" == L Sassaman <rabbi@quickie.net> writes:
LS> I miss-spoke. You are right about key ring formats, but this
LS> bug has nothing to do with the key ring.
LS> It has to do with how the secret key is encrypted, and that
LS> *is* covered by OpenPGP.
You are absolutely and completely correct, and I bow down in awe. I
was wrong, wrong, wrong.
If the sploit uses the fields in section 3.6.2.1. of RFC 2440, -and-
if GPG uses that format for storing secret keys, then I guess GPG
would also be vulnerable.
Completely shutting up now,
~ESP
- --
Evan Prodromou
evan@prodromou.san-francisco.ca.us
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
iD8DBQE6ua21ozwefHAKBVERAnqPAJ41WsRJvH0MxMOpcpcYSwVpRCSUPQCgz/9I
gSe7azoyLlQN/BuSR5xDe0U=
=53+f
-----END PGP SIGNATURE-----