key-signing and stolen subkeys

Atom 'Smasher' atom at
Sun May 23 18:55:25 CEST 2004

On Sun, 23 May 2004, David Shaw wrote:

> Mallory doesn't issue the challenge.  The person who Mallory wants to
> sign his or Alice's key issues the challenge.
> A challenge is of no use to someone else since Mallory doesn't get to
> issue it in the first place.

i think mallory could trick someone into using his challenge. mallory is
adept at the fine art of social engineering.

~you~ know better than to accept a cooked challenge; alice does not.
mallory agrees to a challenge with you and expects you to sign it and send it
to him. at the same keysigning party, mallory offers the same challenge to
alice, who is new to pgp and accepts mallory's non-random challenge.

mallory can present your signing key to alice and/or alice's signing key
to you, and he can "prove" to both of you that he has the corresponding
secret keys. both you and alice could be fooled into signing a bogus
key... if the only thing that's signed is the challenge. this attack can
be defeated by not accepting (or generating) a signed challenge unless it
explains what that challenge is being used for, and by whom.


 PGP key -
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

	"If the price of cigarettes keeps going up, I'm going to quit.
	 A quarter a pack is ridiculous."
		-- Overheard at a drive-in theater, circa 1957
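
The relay described in this message and the fix it proposes, as an added example that is not part of the original post. An HMAC under a secret stands in for an OpenPGP signature, and the names `statement`, `alice_signs`, `relay_succeeds`, the field labels and the key id `ALICE-SIGKEY` are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for an OpenPGP signature: HMAC under a secret that only
# the key holder knows. verify() models checking against the public key.
SECRET = {"ALICE-SIGKEY": b"known only to alice"}

def sign(key_id: str, msg: bytes) -> bytes:
    return hmac.new(SECRET[key_id], msg, hashlib.sha256).digest()

def verify(key_id: str, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key_id, msg), sig)

def statement(nonce: str, challenger: str, responder: str, key_id: str) -> bytes:
    # A challenge that explains what it is being used for, and by whom.
    return (f"keysigning challenge\nissued-by: {challenger}\n"
            f"answered-by: {responder}\nproves-control-of: {key_id}\n"
            f"nonce: {nonce}\n").encode()

def alice_signs(msg: bytes, handed_over_by: str, bound: bool):
    # Alice answers challenges with her signing key. With the bound format she
    # signs only a statement that names her and the person who handed it over.
    if bound:
        fields = dict(l.split(": ", 1) for l in msg.decode().splitlines()[1:])
        if (fields.get("answered-by") != "alice"
                or fields.get("issued-by") != handed_over_by):
            return None
    return sign("ALICE-SIGKEY", msg)

def relay_succeeds(bound: bool) -> bool:
    """Mallory shows 'you' Alice's signing key as his own and relays your challenge."""
    nonce = secrets.token_hex(16)
    if bound:
        expected = statement(nonce, "you", "mallory", "ALICE-SIGKEY")
    else:
        expected = nonce.encode()  # bare challenge: says nothing about its use
    # Mallory passes your challenge to Alice as if it were his own.
    sig = alice_signs(expected, handed_over_by="mallory", bound=bound)
    if sig is None:
        # Alice refused, so Mallory rewrites the statement into one she will sign.
        relayed = statement(nonce, "mallory", "alice", "ALICE-SIGKEY")
        sig = alice_signs(relayed, handed_over_by="mallory", bound=bound)
    # You verify the signature over the exact message you issued.
    return verify("ALICE-SIGKEY", expected, sig)
```

With a bare nonce the relayed signature verifies; with the bound statement Alice either refuses or signs text that does not match what you issued.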