To upgrade or not?
David Shaw
dshaw@jabberwocky.com
Tue Jun 4 04:42:01 2002
On Mon, Jun 03, 2002 at 10:48:20AM -0700, Leigh S. Jones, KR6X wrote:

> Many of the development team are likely to disagree
> with me. I personally feel that the most compelling reason
> to upgrade to 1.0.7 is the improved security of the
> secret keyring file. Secret keyrings that might be edited
> by an attacker and replaced are most at risk -- in other
> words the keyrings found on Windows computers are at
> greatest risk, while UNIX/Linux computers are slightly
> safer (but nonetheless are at risk).

This sounds like the Klima/Rosa attack, but there is some
misunderstanding here. GnuPG is already protected against this attack
(and has been for a long time - 1.0.5, I think). The new
SHA1-protected secret keys are more to protect a key in transit, and
for implementations that do not have built-in Klima/Rosa protection.

> The risk is the possible addition of an additional
> decryption key to your secret key without your knowledge,
> and the solution is a higher security checksum algorithm
> that is used by default on 1.0.7. The new checksum
> algorithm unfortunately makes the process of exporting
> secret keys to another keyring (to PGP or to earlier
> implementations of gpg) slightly more complicated, but
> it's worth the effort.

This is not what the Klima/Rosa attack does. Adding an additional
decryption key sounds like the old PGP ADK bug, but GnuPG never had
that problem, as it does not use ADKs at all.

David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
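
Added example, not part of the message above and not GnuPG code: a comparison of the two integrity trailers the thread refers to, the older two-octet checksum and the SHA-1 hash, recomputed over received secret key material. It assumes the OpenPGP secret-key layout in which S2K usage octet 254 selects the 20-octet SHA-1 hash and 255 the two-octet sum of octets; the function names and the sample key material are constructed for illustration.

```python
import hashlib
import hmac

USAGE_SHA1 = 254      # S2K usage octet: 20-octet SHA-1 hash follows the secret material
USAGE_CHECKSUM = 255  # S2K usage octet: two-octet additive checksum follows it


def trailer(material: bytes, usage: int) -> bytes:
    """Integrity trailer stored after the secret key material."""
    if usage == USAGE_SHA1:
        return hashlib.sha1(material).digest()
    if usage == USAGE_CHECKSUM:
        return (sum(material) % 65536).to_bytes(2, "big")
    raise ValueError(f"unsupported S2K usage octet: {usage}")


def verify(material: bytes, stored: bytes, usage: int) -> bool:
    """Recompute the trailer over the decrypted material and compare."""
    return hmac.compare_digest(trailer(material, usage), stored)


def compare_checks(original: bytes, received: bytes) -> dict:
    """Report which check notices that `received` differs from `original`."""
    return {
        name: not verify(received, trailer(original, usage), usage)
        for name, usage in (("checksum16", USAGE_CHECKSUM), ("sha1", USAGE_SHA1))
    }


# Constructed stand-in for decrypted secret key material (not a real key).
ORIGINAL = bytes(range(1, 65))
# One octet corrupted in transit: the octet sum changes.
CORRUPTED = bytes([ORIGINAL[0] ^ 0x10]) + ORIGINAL[1:]
# Two octets transposed: the octet sum is unchanged.
TRANSPOSED = ORIGINAL[1:2] + ORIGINAL[0:1] + ORIGINAL[2:]

if __name__ == "__main__":
    cases = (("intact", ORIGINAL), ("corrupted", CORRUPTED), ("transposed", TRANSPOSED))
    for label, data in cases:
        print(label, compare_checks(ORIGINAL, data))
```

The transposed copy is the case that separates the two checks: the 16-bit sum still matches, while the SHA-1 trailer does not.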