key-signing and stolen subkeys
Atom 'Smasher'
atom at suspicious.org
Sun May 23 17:35:50 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, 23 May 2004, David Shaw wrote:
> On Sun, May 23, 2004 at 01:19:33AM -0400, Atom 'Smasher' wrote:
> > with the recent discussion about attacks against keys and irresponsible
> > signing protocols, i'd like to enter this observation...
> >
> > make sure that the signed secret can't be "recycled" and used in an attack
> > by including a note in the signed material:
> >
> > ----begin signed stuff----
> > this secret - "2Oj8otwPiW"
> > is being used by alice (0x123) and mallory (0x456)
> > to verify each other's encryption and signing keys
> > may 2004
> > ----end signed stuff----
> >
> > if step 2 isn't observed... mallory offers to exchange key signatures with
> > alice. mallory offers alice a string, and asks her to prove her possession
> > of the secret signing key by signing that string. alice signs the string,
> > without including any comments about what that string signifies, and sends
> > that signed string back to mallory. mallory can now use that signed string
> > to "prove" his possession of the signing key, by offering the same secret
> > to multiple people.
>
> Not if the person is issuing the challenge properly. Challenges must
> be random. When someone challenges Mallory to prove he can issue
> signatures from Alice's key, the challenge string will not match the
> challenge that Alice signed.
==================================
mallory has to use the same challenge and present it _as_if_ it is unique
for each person he's exchanging key signatures with. if the string appears
random (as above), many people will _assume_ that it's unique.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"History is the version of past events
that people have decided to agree upon."
-- Napoleon Bonaparte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
Comment: What is this gibberish? - http://atom.smasher.org/links/#digital_signatures
iEYEARECAAYFAkCwxNsACgkQnCgLvz19QeP9eQCfTC8Sc9VE2H2KYgO9DXceA4Hq
j4AAniKgEWe04IJ4Gke1t2bgd6WijOHC
=ClR8
-----END PGP SIGNATURE-----
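
Added example, not part of the original message: a challenger-side check that combines the two points in this thread, the challenger's own random secret and the context note naming both parties. It assumes the signature on the text has already been verified (for example with gpg --verify); the function names, the bob identity and its key ID 0x789 are made up for illustration.

```python
import re
import secrets

# Layout of the context note proposed in the message above.
NOTE = re.compile(
    r'this secret - "(?P<secret>[^"\n]+)"\n'
    r"is being used by (?P<a>[^\n]+?) and (?P<b>[^\n]+)\n"
    r"to verify each other'?s encryption and signing keys\n"
    r"(?P<date>[^\n]+)\n?\Z"
)

def new_challenge():
    """The challenger picks the secret itself; a string proposed by the peer may be reused."""
    return secrets.token_urlsafe(12)

def build_note(secret, signer, challenger, date):
    """Text the key holder signs: the secret plus who uses it, for what, and when."""
    return (f'this secret - "{secret}"\n'
            f"is being used by {signer} and {challenger}\n"
            "to verify each other's encryption and signing keys\n"
            f"{date}\n")

def check_note(text, signer, me, my_secret, date):
    """Check WHAT was signed. Assumes the signature on `text` has already
    been verified as made by `signer`'s key (for example with gpg --verify)."""
    m = NOTE.match(text)
    if m is None:
        return False, "no context note"
    if m["secret"] != my_secret:
        return False, "not the secret I issued"
    if {m["a"], m["b"]} != {signer, me}:
        return False, "note names other parties"
    if m["date"] != date:
        return False, "wrong date"
    return True, "ok"

# Constructed sample identities; 0x789 is made up for this example.
ALICE, MALLORY, BOB = "alice (0x123)", "mallory (0x456)", "bob (0x789)"

def demo():
    mine = new_challenge()
    recycled = build_note("2Oj8otwPiW", ALICE, MALLORY, "may 2004")
    return [
        check_note(build_note(mine, ALICE, BOB, "may 2004"), ALICE, BOB, mine, "may 2004"),
        # Bob accepted the peer's string as "the" secret: the party check still fails.
        check_note(recycled, ALICE, BOB, "2Oj8otwPiW", "may 2004"),
        # Bob issued his own secret: the recycled note fails immediately.
        check_note(recycled, ALICE, BOB, mine, "may 2004"),
        # Bare signed string with no note at all.
        check_note("2Oj8otwPiW\n", ALICE, BOB, "2Oj8otwPiW", "may 2004"),
    ]
```
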