New PGP/GPG Vulnerability?

Gregor Zattler texmex@uni.de
Tue Aug 13 15:35:02 2002


Hi Adam,
* Adam Pavelec <apavelec@benefit-services.com> [13. Aug. 2002]:
> The paper can be found at:
> http://www.counterpane.com/pgp-attack.html

this says:


>- Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
>- 
>- K. Jallad, J. Katz, and B. Schneier
>- 
>- Information Security Conference 2002 Proceedings, Springer-Verlag,
>- 2002, to appear.
>- 
>- ABSTRACT: We recently noted that PGP and other e-mail encryption
>- protocols are, in theory, highly vulnerable to chosen-ciphertext
>- attacks in which the recipient of the e-mail acts as an unwitting
>- "decryption oracle." We argued further that such attacks are
>- quite feasible and therefore represent a serious concern. Here,
>- we investigate these claims in more detail by attempting to
>- implement the suggested attacks. On one hand, we are able to
>- successfully implement the described attacks against PGP and
>- GnuPG (two widely-used software packages) in a number of
>- different settings. On the other hand, we show that the attacks
>- largely fail when data is compressed before encryption.
>- 
>- Interestingly,the attacks are unsuccessful for largely fortuitous
>- reasons; resistance to these attacks does not seem due to any
>- conscious effort made to prevent them. Based on our work, we
>- discuss those instances in which chosen-ciphertext attacks do
>- indeed represent an important threat and hence must be taken into
>- account in order to maintain confidentiality. We also recommend
>- changes in the OpenPGP standard to reduce the effectiveness of
>- our attacks in these settings.

there is an pdf document which describes there tests:
http://www.counterpane.com/pgp-attack.pdf
this ends with:

>- Developers of front-end software for GnuPG need to propagate
>- integrity violation warnings to the users. This is important
>- not only for protection against chosen ciphertext attacks --
>- integrity protection is useless if the user is not warned when
>- it has been violated!
>- 
>- Acknowledgments
>- Thanks to Jon Callas and David Shaw for their extensive
>- comments and helpful suggestions.





Ciao, Gregor
-- 
"The future is here. It's just not widely distributed yet."
-- William Gibson