Bugtraq mailing list archives
Re: PGP Signatures security BUG!
From: wprice () CYPHERS NET (Will Price)
Date: Mon, 20 Mar 2000 23:57:01 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We have researched this issue and discovered that in fact it was caused by a problem with the machine running the primary keyserver at certserver.pgp.com which resulted in a corrupt database. The corrupt database was then handing out the wrong key for a few of the keys (there are about 1 million keys in the database). The database has been rebuilt and the responses are now correct in all cases. Note that no security flaw was ever extant here. No signature was ever incorrectly identified by PGP as valid. No key ID collision occurred. As mentioned by other posters, had a key ID collision occurred, the effect would be harmless because the collision key would not be valid. Florian Weimer wrote:
"Povl H. Pedersen" <pope () NETGUIDE DK> writes:This was the first time he verified it. The signature has Key ID: 0x6F620B65 So he had to look up the key using the keyservers, and surprisingly enough, the server did NOT return the name of the sender, but of a person called "Mike Evans".Several answers in this thread have addressed quite a few problems regarding faked user IDs and key IDs. This kind of attack is a significant threat only if you rely on this information to establish the validity of a public key, but of course, this approach is fundamentally flawed. The problem that Povl observed was likely quite different. According to my own attempts, NAI's server simply returned the wrong key, which didn't share any obvious characteristics with the one which was requested (both key ID and user ID were different). Currently, I'm unable to reproduce the server behavior, though.
- -- Will Price, Director of Engineering PGP Security, Inc. a division of Network Associates, Inc. -----BEGIN PGP SIGNATURE----- Version: PGP 7.0 (Build 141 Alpha) iQA/AwUBONcrFay7FkvPc+xMEQIXNACdGGztr17TZmeMh/lJeEpHxMgDRcMAn3lU NeapzZ6CNFWqi1ZnfSaIh88e =EtdE -----END PGP SIGNATURE-----
Current thread:
- DoS with NAVIEG, (continued)
- DoS with NAVIEG PAUL VanDyke (Mar 17)
- [ANNOUNCE] strace for NT tsabin () RAZOR BINDVIEW COM (Mar 13)
- Linux patch for blocking buffer overflow based attacks massimo () IAC RM CNR IT (Mar 10)
- ICQ remote DoS Philip Stoev (Mar 10)
- TESO advisory -- atsadc krahmer () CS UNI-POTSDAM DE (Mar 11)
- Re: [ Hackerslab bug_paper ] Linux printtool get printer passwor Brian Knotts (Mar 13)
- Enumerate Root Web Server Directory Vulnerability for IIS 4.0 Jason Lutz (Mar 09)
- Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0 Chris Paget (Mar 17)
- SQL Server Vulnerability details Chip Andrews (Mar 18)
- Re: PGP Signatures security BUG! Florian Weimer (Mar 10)
- Re: PGP Signatures security BUG! Will Price (Mar 20)
- Esafe Protect Gateway (CVP) does not scan virus under some conditions Hugo.van.der.Kooij () CAIW NL (Mar 21)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some conditions Alon Rotem (Mar 24)
- Security bug in Apache project: Jakarta Tomcat Jan Madsen (Mar 21)
- [TL-Security-Announce] nmh-1.0.2 and earlier TLSA200008-1 Katie Moussouris (Mar 21)
- New Solaris Vulnerability Calculator, Sun Mailing list, and Sun Focus area from SecurityFocus.com Jeremy Rauch (Mar 13)
- Re: PGP Signatures security BUG! Tobias Haustein (Mar 08)
- Re: PGP Signatures security BUG! Povl H. Pedersen (Mar 09)
- Re: PGP Signatures security BUG! Salzman, Noah (Mar 08)
- Re: PGP Signatures security BUG! Steven M. Bellovin (Mar 08)