Here's some more:
From: Declan McCullagh <declan@well.com>
To: politech@politechbot.com
Subject: FC: PGP bug allows an attack to forge your digital signature
Date: Wed, 21 Mar 2001 13:34:29 -0500
http://www.wired.com/news/politics/0,1283,42553,00.html
Your E-Hancock Can Be Forged
by Declan McCullagh (declan@wired.com)
10:20 a.m. Mar. 21, 2001 PST
WASHINGTON -- A Czech information security firm has found a flaw in
Pretty Good Privacy that permits digital signatures to be forged in
some situations.
Phil Zimmermann, the PGP inventor who's now the director of the
OpenPGP Consortium, said on Wednesday that he and a Network Associates
(NETA) engineer verified that the vulnerability exists.
ICZ, a Prague company with 450 employees, said that two of its
cryptologists unearthed a bug in the OpenPGP format that allows an
adversary who breaks into your computer to forge your e-mail
signature.
Both Zimmermann and the Czech engineers, Vlastimil Klima and Tomas
Rosa, point out that the glitch does not affect messages encrypted
with PGP. OpenPGP programs -- including GNU Privacy Guard and newer
versions of PGP -- use different algorithms for signing and
scrambling, and only the digital signature method is at risk.
PGP and its offspring are by far the most popular e-mail encryption
programs in the world. Nobody has disclosed a flaw in their
message-scrambling mechanisms, but PGP owner Network Associates
suffered an embarrassment last August when a German cryptanalyst
published a way that allows an attacker to hoodwink PGP into not
encoding secret information properly.
In this case, someone wishing to impersonate you would need to gain
access to your secret key -- usually stored on a hard drive or a
floppy disk -- surreptitiously modify it, then obtain a message you
signed using the altered secret key. Once those steps are complete,
that person could then digitally sign messages using your name.
"PGP or any program based on the OpenPGP format that does not have any
extra integrity check will not recognize such modification and it will
allow you to sign a message with the corrupted key," says Rosa, who
works at Decros, an ICZ company. Rosa says he demonstrated the
vulnerability with PGP 7.0.3.
[...]
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
This archive was generated by hypermail 2b29 : Fri Apr 27 2001 - 23:14:39 PDT