Re: Yes, they have found a serious PGP vulnerability...sort of

[Florian Weimer <Florian.Weimer () RUS UNI-STUTTGART DE>]

Pavel Kankovsky <peak () ARGO TROJA MFF CUNI CZ> writes:

> ICZ has published some real information about their new attack against
> (Open)PGP. Their annoucement, in the English language, can be found at
> http://www.i.cz/en/onas/tisk4.html. They say they will make a research
> paper available at http://www.i.cz/ soon.

There's now a Czech paper with technical background:

        http://www.i.cz:80/pdf/pgp/OpenPGP_attack_CZ.pdf

Although I cannot read Czech, their attack seems to be target against
the public key stored in a secret key packet.  This data is not
cryptographically protected and can therefore be modified by an
attacker who has write access to the key ring.  If a signature is
generated based on the modified public key data, the secret key will
be exposed.

This implies that the RSA implementation of GnuPG is *not* vulnerable,
because it uses only the cryptographically protected secret key data
for signature generation.  However, the DSA implementation seems to be
vulnerable.

--
Florian Weimer                    Florian.Weimer () RUS Uni-Stuttgart DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898