[Announce] Attack against OpenPGP encryption

Werner Koch wk at gnupg.org
Fri Feb 11 16:21:07 CET 2005

On Fri, 11 Feb 2005 14:45:07 +0100 (MET), Johan Wevers said:

> So the solution is changing the way that errors are reported back to the
> sender in this case?

If you at all need to return an error, make sure that this is just a
boolean without additional error diagnostics.  In security this is
considered state of the art.

To hinder oracle attacks, it is general a good design point to delay
the responses or batch them up and send them back at fixed intervals.

> Any idea when these versions are about to be released?

1.4.1rc2 is planned for this weekend but unexpected things kept me
away from working on it.  So early next week is more likely.

Given that we think that this is not a serious attack in any current
real world cases, a 1.2.8 won't be released right away.

If there would really be such vulnerable systems, the admins should
for sure be on the watch and must have heard about the attack and
patch gnupg right away.  They are for sure aware about such a system
because they need to have a passphrase distribution mechanism
installed and running. The odds of a vulnerable passphrase
distribution process are higher than those of a successful
attack. Recall that this attack won't work with public key encryption.



More information about the Gnupg-users mailing list