key-signing and stolen subkeys

Atom 'Smasher' atom at suspicious.org
Sun May 23 07:19:33 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

with the recent discussion about attacks against keys and irresponsible
signing protocols, i'd like to enter this observation...

make sure that the signed secret can't be "recycled" and used in an attack
by including a note in the signed material:

	----begin signed stuff----
	this secret - "2Oj8otwPiW"
	is being used by alice (0x123) and mallory (0x456)
	to verify each others encryption and signing keys
	may 2004
	----end signed stuff----

if step 2 isn't observed... mallory offers to exchange key signatures with
alice. mallory offers alice a string, and asks her to prove her possession
of the secret signing key by signing that string. alice signs the string,
without including any comments about what that string signifies, and sends
that signed string back to mallory. mallory can now use that signed string
to "prove" his possession of the signing key, by offering the same secret
to multiple people.

mallory's job is easiest if people don't check the date that "his"
signature was generated, but even that can be overcome by offering to
exchange key signatures with many people at ~about~ the same time.

moral of the story: never sign (just) an arbitrary string offered by
someone.  especially if their name is mallory ;)


	...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

	"To invent, you need a good imagination and a pile of junk."
		-- Thomas Edison
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish?  -  http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkCwNGkACgkQnCgLvz19QeMv/gCdGQ9PU6aa7/xMsoSafF5jI8nW
2kAAmwbxY3mdvbJ51DRq1b6aACiJ9AcS
=8Usy
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list