1996-03-22 - PGP key spoofing

Header Data

From: christopher@nescio.zerberus.de (Christopher Creutzig)
To: cypherpunks@toad.com
Message Hash: aa3251d5adda35cfa2ae29ad73b71d8525ec5ee89952fdb8591e82c2178aab0f
Message ID: <Pine.LNX.3.91.960319123045.366I-100000@nescio.zerberus.de>
Reply To: N/A
UTC Datetime: 1996-03-22 11:08:33 UTC
Raw Date: Fri, 22 Mar 1996 19:08:33 +0800

Raw message

From: christopher@nescio.zerberus.de (Christopher Creutzig)
Date: Fri, 22 Mar 1996 19:08:33 +0800
To: cypherpunks@toad.com
Subject: PGP key spoofing
Message-ID: <Pine.LNX.3.91.960319123045.366I-100000@nescio.zerberus.de>
MIME-Version: 1.0
Content-Type: text/plain


Hello, everybody,

 (Please note that I sent this to several mailinglists at once. I am not 
subscribed to cypherpunks any longer, so I won't see any replies there.)

 I think I have realized a serious flaw in PGPs key-handling. This may 
lead to people using and signing bogus keys despite the usual security 
measures.

 The problem is that PGP fails to differentiate between two keys sharing 
the same 64-bit-Key-ID. It is not a real problem to generate a key with a 
given key-ID (just take a prime, invert the desired key-ID modulo this 
prime and look for another prime whose lower bits are the same as in the 
number you just calculated), so the following attack would be possible:

- Get the real key you wish to mimic.

- Generate a fake key with the correct IDs.

- Send your bogus key to a person of which you know that
  - This person does not have the correct key yet.
  - This person is going to meet the correct key's owner.

 If the owner of the correct key does not give a fingerprint, but rather 
a disk with the correct key to the person you are trying to fool, his or 
her pgp won't ring alarm bells when reading the key (apart from possibly 
a failed signature), but rather will tell him the key is already there. 
He will then, most probably, sign the bogus key without any further thought.

 Therefore, you should *always* check the fingerprint, even if you got 
the real key, at least if it has no valid signature from its alleged 
owner.

-- 
Christopher Creutzig # Im Samtfelde 19 # D-33098 Paderborn # V+49-5251-71873
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
              Sammele Vorschläge zur Rettung vom Genitiv.







Thread