key-signing and stolen subkeys

Atom 'Smasher' atom at
Sun May 23 17:35:50 CEST 2004

On Sun, 23 May 2004, David Shaw wrote:
> On Sun, May 23, 2004 at 01:19:33AM -0400, Atom 'Smasher' wrote:

> > with the recent discussion about attacks against keys and irresponsible
> > signing protocols, i'd like to enter this observation...
> >
> > make sure that the signed secret can't be "recycled" and used in an attack
> > by including a note in the signed material:
> >
> > 	----begin signed stuff----
> > 	this secret - "2Oj8otwPiW"
> > 	is being used by alice (0x123) and mallory (0x456)
> > 	to verify each other's encryption and signing keys
> > 	may 2004
> > 	----end signed stuff----
> >
> > if step 2 isn't observed... mallory offers to exchange key signatures with
> > alice. mallory offers alice a string, and asks her to prove her possession
> > of the secret signing key by signing that string. alice signs the string,
> > without including any comments about what that string signifies, and sends
> > that signed string back to mallory. mallory can now use that signed string
> > to "prove" his possession of the signing key, by offering the same secret
> > to multiple people.
> Not if the person is issuing the challenge properly.  Challenges must
> be random.  When someone challenges Mallory to prove he can issue
> signatures from Alice's key, the challenge string will not match the
> challenge that Alice signed.

mallory has to use the same challenge and present it _as_if_ it is unique
for each person he's exchanging key signatures with. if the string appears
random (as above), many people will _assume_ that it's unique.


 PGP key -
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

	"History is the version of past events
	 that people have decided to agree upon."
		-- Napoleon Bonaparte
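The exchange the thread argues about, as an added example that is not part of the original post or of GnuPG: a verifier issues a fresh random challenge bound to both parties' names and the purpose (the "begin signed stuff" note), the prover signs exactly that, and the verifier checks the signature against the challenge it recorded rather than against whatever string comes back. Ed25519 from Go's standard library stands in for the OpenPGP signature; the key IDs and party names are constructed for the demo, and `ReplayScenario` also runs the weaker signature-only check to show why it accepts Mallory's recycled response.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"time"
)

// Challenge is what the verifier issues and keeps: a random nonce plus the
// context it is bound to (who is verifying whom, for what, and when).
type Challenge struct {
	Nonce      string
	VerifierID string
	ProverID   string
	Issued     string
}

// Message renders the exact bytes the prover must sign, mirroring the
// "this secret ... is being used by alice and mallory" note from the post.
func (c Challenge) Message() []byte {
	return []byte(fmt.Sprintf(
		"this secret - %q\nis being used by %s and %s\n"+
			"to verify each other's encryption and signing keys\n%s",
		c.Nonce, c.VerifierID, c.ProverID, c.Issued))
}

// IssueChallenge creates a fresh random challenge bound to both parties.
// Randomness is what makes one verifier's challenge useless to another.
func IssueChallenge(verifierID, proverID string) (Challenge, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return Challenge{}, err
	}
	return Challenge{
		Nonce:      hex.EncodeToString(b),
		VerifierID: verifierID,
		ProverID:   proverID,
		Issued:     time.Now().UTC().Format("2006-01"),
	}, nil
}

// Respond is the prover's side: sign the verifier's challenge message with
// the key whose ownership is being demonstrated.
func Respond(priv ed25519.PrivateKey, c Challenge) []byte {
	return ed25519.Sign(priv, c.Message())
}

// Verify is the sound verifier: check the signature over the message this
// verifier itself issued, never over a message supplied by the prover.
func Verify(pub ed25519.PublicKey, issued Challenge, sig []byte) bool {
	return ed25519.Verify(pub, issued.Message(), sig)
}

// VerifySignatureOnly is the weak verifier from the thread: it only asks
// "is this string validly signed by that key?" and trusts the prover's copy
// of the challenge, so a recycled response looks fine.
func VerifySignatureOnly(pub ed25519.PublicKey, proverSupplied []byte, sig []byte) bool {
	return ed25519.Verify(pub, proverSupplied, sig)
}

// ReplayScenario plays out the attack with constructed keys (example data):
// Alice proves key ownership to Mallory, then Mallory reuses Alice's signed
// response to claim Alice's key in front of Carol. It returns whether Mallory
// accepted the honest response, whether Carol's bound check accepted the
// replay, and whether the signature-only check accepted the replay.
func ReplayScenario() (honestOK, replayBoundOK, replayUnboundOK bool, err error) {
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}

	// 1. Mallory, acting as verifier, challenges Alice; Alice answers honestly.
	chMallory, err := IssueChallenge("mallory (0x456)", "alice (0x123)")
	if err != nil {
		return false, false, false, err
	}
	sig := Respond(alicePriv, chMallory)
	honestOK = Verify(alicePub, chMallory, sig)

	// 2. Carol challenges "Alice" (really Mallory). Carol's own challenge has a
	// different nonce and names, so the recycled signature fails her check.
	chCarol, err := IssueChallenge("carol (0x789)", "alice (0x123)")
	if err != nil {
		return false, false, false, err
	}
	replayBoundOK = Verify(alicePub, chCarol, sig)

	// 3. A verifier that merely checks the signature on the string Mallory hands
	// over (Mallory's original challenge text) is fooled, as the post describes.
	replayUnboundOK = VerifySignatureOnly(alicePub, chMallory.Message(), sig)
	return honestOK, replayBoundOK, replayUnboundOK, nil
}

func main() {
	h, b, u, err := ReplayScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("honest exchange verifies: %v\n", h)
	fmt.Printf("replay passes bound check: %v\n", b)
	fmt.Printf("replay passes signature-only check: %v\n", u)
}
```

The difference between the two verifiers is the whole point of David Shaw's reply: the bound check compares against a challenge the verifier generated and stored, so Mallory cannot choose which string gets compared; the signature-only check lets the prover supply the string and therefore accepts any valid signature Alice ever made, whatever it was originally for.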