To upgrade or not?

David Shaw
Tue Jun 4 04:42:01 2002

On Mon, Jun 03, 2002 at 10:48:20AM -0700, Leigh S. Jones, KR6X wrote:
> Many of the development team are likely to disagree
> with me.  I personally feel that the most compelling reason
> to upgrade to 1.0.7 is the improved security of the
> secret keyring file.  Secret keyrings that might be edited
> by an attacker and replaced are most at risk -- in other
> words the keyrings found on Windows computers are at
> greatest risk, while UNIX/Linux computers are slightly
> safer (but nonetheless are at risk).  

This sounds like the Klima/Rosa attack, but there is some
misunderstanding here.  GnuPG is already protected against this attack
(and has been for a long time - 1.0.5, I think).  The new
SHA1-protected secret keys are more to protect a key in transit, and
for implementations that do not have built-in Klima/Rosa protection.

> The risk is the possible addition of an additional 
> decryption key to your secret key without your knowledge, 
> and the solution is a higher security checksum algorithm 
> that is used by default on 1.0.7.  The new checksum 
> algorithm unfortunately makes the process of exporting 
> secret keys to another keyring (to PGP or to earlier 
> implementations of gpg) slightly more complicated, but 
> it's worth the effort.

This is not what the Klima/Rosa attack does.  Adding an additional
decryption key sounds like the old PGP ADK bug, but GnuPG never had
that problem, as it does not use ADKs at all.


   David Shaw
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
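An added example, not code from the thread or from GnuPG, to illustrate the two points above in working form: the difference between the older two-octet OpenPGP secret-key checksum (sum of the plaintext octets mod 65536) and the SHA-1 trailer of S2K usage 254, and why a key-consistency check matters independently of which trailer is stored. The key bytes and the DSA-style numbers are constructed toy data; passphrase encryption of the secret MPIs is omitted and the consistency check shown is illustrative, not a description of GnuPG's actual code.

```python
"""Added example: OpenPGP secret-key trailers and a key-consistency check.

Everything here is constructed toy data (assumption: not a real key). The
16-bit checksum and the 20-octet SHA-1 trailer are as OpenPGP defines them;
the CFB passphrase encryption that normally wraps them is left out.
"""
import hashlib

# --- Part 1: the two trailers an OpenPGP secret-key packet can carry ------

def checksum16(secret_mpis: bytes) -> bytes:
    """Two-octet checksum (S2K usage 0 or 255): sum of all plaintext
    octets of the secret MPIs, modulo 65536."""
    return (sum(secret_mpis) % 65536).to_bytes(2, "big")

def checksum_sha1(secret_mpis: bytes) -> bytes:
    """Twenty-octet SHA-1 hash of the same plaintext (S2K usage 254)."""
    return hashlib.sha1(secret_mpis).digest()

def protect(secret_mpis: bytes, sha1: bool) -> bytes:
    """Secret MPIs followed by their trailer, i.e. the plaintext that would
    then be passphrase-encrypted (encryption omitted here)."""
    trailer = checksum_sha1(secret_mpis) if sha1 else checksum16(secret_mpis)
    return secret_mpis + trailer

def verify(blob: bytes, sha1: bool) -> bool:
    """Recompute the trailer over the body and compare."""
    n = 20 if sha1 else 2
    body, trailer = blob[:-n], blob[-n:]
    expected = checksum_sha1(body) if sha1 else checksum16(body)
    return trailer == expected

def swap_octets(blob: bytes, i: int, j: int) -> bytes:
    """Swap two octets of the body. An additive checksum is invariant under
    any permutation of the octets, so this always survives the 16-bit
    check while yielding a different secret value; SHA-1 catches it."""
    out = bytearray(blob)
    out[i], out[j] = out[j], out[i]
    return bytes(out)

# Constructed secret MPI: 2-octet bit-length header (128 bits) + 16 octets.
SECRET_MPI = bytes.fromhex("0080" + "8f3a9c2e5b7d1a4f60c2e8b13d75aa09")

def demo_checksums() -> dict:
    weak = protect(SECRET_MPI, sha1=False)
    strong = protect(SECRET_MPI, sha1=True)
    # Tamper with value octets (indices 2 and 9; the header is octets 0-1).
    weak_t = swap_octets(weak, 2, 9)
    strong_t = swap_octets(strong, 2, 9)
    return {
        "sum_accepts_tampered": verify(weak_t, sha1=False),    # True
        "sha1_accepts_tampered": verify(strong_t, sha1=True),  # False
    }

# --- Part 2: public parameters lie outside both trailers ------------------
# In a secret-key packet the public MPIs (for DSA: p, q, g, y) are stored
# in the clear ahead of the encrypted secret x, and neither trailer above
# covers them. Rewriting g is invisible to both checksums; only a check
# that the stored x still corresponds to the stored y under p and g
# notices. Toy group (constructed): p = 23, g = 4 has order 11 mod 23.

def consistent(p: int, g: int, x: int, y: int) -> bool:
    """Illustrative consistency check: does g^x mod p equal the stored y?"""
    return pow(g, x, p) == y

TOY_KEY = {"p": 23, "q": 11, "g": 4, "x": 7, "y": 8}  # 4**7 % 23 == 8

def demo_consistency() -> dict:
    k = dict(TOY_KEY)
    tampered = dict(k, g=5)  # attacker rewrites the unencrypted g
    return {
        "original_consistent": consistent(k["p"], k["g"], k["x"], k["y"]),
        "tampered_consistent": consistent(tampered["p"], tampered["g"],
                                          tampered["x"], tampered["y"]),
    }

if __name__ == "__main__":
    print(demo_checksums())
    print(demo_consistency())
```

The first part is the reason a "higher security checksum" helps a key that is copied around or exported: a sum mod 65536 says nothing about whether the secret octets are the ones the owner wrote. The second part is why that alone does not settle the Klima/Rosa concern: the parameters an attacker would rewrite are not under the trailer at all, so the implementation has to check the secret value against the public one before using it.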