From: Alan <alano@teleport.com>
Date: Wed, 18 Jun 1997 06:31:26 +0800
To: Paul Bradley <paul@fatmans.demon.co.uk>
Subject: Re: Impact of Netscape kernel hole (fwd)
In-Reply-To: <Pine.LNX.3.91.970614112312.1213B-100000@fatmans.demon.co.uk>
Message-ID: <Pine.GSO.3.96.970617151502.27880A-100000@linda.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain



On Sat, 14 Jun 1997, Paul Bradley wrote:

> 
> 
> >It'd be nice to have more specifics about the whole situation, but
> >regardless - any preliminary threat assessments?  Exactly how widely
> >exploited do you think this has been?
> >
> >Tim's post (although refuted by Marc) raises some serious issues since I
> >suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp
> >
> >Some coherent input on the possible impact of this would be appreciated.
> 
> Basically the threat model is very simple:
> 
> Joe "slightly crypto-savvy pgp user" sixpack keeps his pgp keyring in 
> c:\pgp on a dos/w95 box. The average user of any of the unices keeps his 
> keyring in /usr/pgp or /usr/local/pgp it does not take a lot of attempts 
> to go through most of the common places.
> 
> The very same guy probably has a password that is:

[snip]

> Can you say "dictionary attack"???. 

There is another, more insidious attack to worry about.

Joe Cypherpunk has his PGP secret keyring in the "standard location".  Joe
Cypherpunk has also been posting to "Unpopular Usenet Group #666" (be it
alt.religion.scientology or alt.clinton.fisting) using a nym(s) which have
keys on the PGP keyring.

All the perp has to do, once the secring.pgp is obtained is "pgp -kvv
secring.pgp" and he now knows that Joe Cypherpunk and Secret Nym are the
same person.

This is a *BAD* thing.

alano@teleport.com | "Those who are without history are doomed to retype it."