Weak encryption keys

Jacob Bachmeyer jcb62281 at gmail.com
Wed Mar 24 02:20:02 CET 2021


Vincent Pelletier wrote:
> On Mon, 22 Mar 2021 17:32:14 -0500, Jacob Bachmeyer via Gnupg-users <gnupg-users at gnupg.org> wrote:
>   
>> The difference is that you *know* an unencrypted key is lying around at 
>> risk of compromise, and you knowingly chose to take that risk when you 
>> chose to store the key unencrypted.
>>     
>
> Pardon my non-gpg-familiarity, but isn't a "weak key" completely
> different from a (maybe) divulged key ?
>   

There are two keys involved here:  a PGP private key that is stored 
encrypted under a symmetric key.  It appears that that symmetric key has 
been found to be weak.  If an attacker can obtain the encrypted blob and 
crack the symmetric encryption, the PGP key would be divulged.

> AFAIK a weak key is a key that, when used, produces a result which is
> easier to break than what the cipher promises. In other words, this
> would be something specific to this very key, to the value of its
> components being poorly chosen, and in no way related to how it was
> stored/obfuscated itself.
>   

The weak key in this case is the symmetric cipher key used to encrypt 
the PGP private key.

> IOW, isn't this specific key one of the identified blowfish weak keys
> classes ?
>   https://en.wikipedia.org/wiki/Blowfish_(cipher)#Weakness_and_successors
> Also:
>   https://en.wikipedia.org/wiki/Weak_key
>
> Meaning not only this key, but anything it signed and/or was encrypted
> for (I did not check which one is affected), may be considered
> compromised ?
>   

The risk is that an attacker may be able to crack the encryption on the 
stored private key because it was encrypted with a weak key.  Given that 
PGP keys are very short, it is possible that Blowfish may be safe here, 
even with a weak key.  If this is the case, using an old version of GPG 
to import the affected private key and change the passphrase should fix 
the problem, since the symmetric key (and possibly algorithm) used to 
store the private key will then change.

If Blowfish is not safe under these circumstances (weak key encrypting a 
limited amount of data), then the PGP key in question should be presumed 
compromised and should be replaced.


-- Jacob
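
Added example, not part of the original message and not GnuPG code: a small Python reader that reports which symmetric cipher protects each secret key packet in binary (non-armored) OpenPGP data, so the cipher used for storage can be checked before and after a passphrase change. It only reads the packet header fields defined in RFC 4880 for v4 RSA/Elgamal/DSA keys and cannot tell whether a derived key is weak. The function names are hypothetical and the sample bytes are constructed.

```python
# Added example: name the cipher protecting each OpenPGP v4 secret key packet (RFC 4880).
SYM = {0: "plaintext", 1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
       7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
PUB_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # public MPI count: RSA, Elgamal, DSA

def packets(data):
    """Yield (tag, body) for each packet in binary (non-armored) OpenPGP data."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                n = first
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not handled")
        else:                               # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8:
                raise ValueError("indeterminate length is not handled")
            n, i = int.from_bytes(data[i:i + size], "big"), i + size
        yield tag, data[i:i + n]
        i += n

def protection(body):
    """Return the name of the cipher that protects a v4 secret key packet body."""
    if body[0] != 4 or body[5] not in PUB_MPIS:
        raise ValueError("only v4 RSA/Elgamal/DSA keys are handled")
    i = 6                                   # skip version, creation time, algorithm
    for _ in range(PUB_MPIS[body[5]]):      # skip the public MPIs
        i += 2 + (int.from_bytes(body[i:i + 2], "big") + 7) // 8
    usage = body[i]                         # string-to-key usage octet
    cipher = body[i + 1] if usage in (254, 255) else usage
    return SYM.get(cipher, "unknown(%d)" % cipher)

def audit(data):  # (tag, cipher) for secret key (5) and secret subkey (7) packets
    return [(t, protection(b)) for t, b in packets(data) if t in (5, 7)]

def sample_body(cipher, iv_len):
    """Constructed v4 RSA secret key body with dummy MPIs, salt, IV and ciphertext."""
    return (bytes([4, 0, 0, 0, 0, 1]) + b"\x00\x10\xc0\x01" + b"\x00\x11\x01\x00\x01"
            + bytes([254, cipher, 3, 2]) + bytes(8) + bytes([96]) + bytes(iv_len + 16))

SAMPLE = bytes([0x94, 52]) + sample_body(4, 8) + bytes([0xC7, 60]) + sample_body(9, 16)
```

Calling `audit(SAMPLE)` on the constructed data reports Blowfish for the primary key and AES256 for the subkey.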


