Subject: PGP Signatures security BUG!
From: Povl H. Pedersen (pope NETGUIDE.DK)
Date: Tue Mar 07 2000 - 08:29:00 CST
- Next in thread: Tobias Haustein: "Re: PGP Signatures security BUG!"
- Reply: Tobias Haustein: "Re: PGP Signatures security BUG!"
- Reply: Steven M. Bellovin: "Re: PGP Signatures security BUG!"
- Reply: Werner Koch: "Re: PGP Signatures security BUG!"
- Reply: Eric Murray: "Re: PGP Signatures security BUG!"
- Reply: Salzman, Noah: "Re: PGP Signatures security BUG!"
- Reply: Florian Weimer: "Re: PGP Signatures security BUG!"
This message has NOT been sent to Network Associates, as I could not
easily find a free way to report bugs. Most links are for paying
customers only.
BACKGROUND
A friend of mine just received a mail from a colleague in the UK by
the name John Smith (name invented), which was PGP signed. So of
course my friend tried to verify the signature.
This was the first time he verified it.
The signature has Key ID: 0x6F620B65
So he had to look up the key using the keyservers, and surprisingly
enough, the server did NOT return the name of the sender, but of a
person called "Mike Evans".
I then did a lookup on John Smith's e-mail, and I only got the
signature of Mike Evans back. I did not get 2 addresses, or any other
indication that told me something strange is going on.
Adding Mike Evans' public key to the keyring still results in the
signature verification being OK, but the username is listed as
unknown.
THE PROBLEM
The problem is that the PGP servers expect all key IDs to be unique
numbers, and do not expect 2 users to have the same key ID. And with
the current amount of users, we are starting to get multiple users
with the same key ID.
EXPLOIT
It is possible to generate false signatures, and John Smith can send
new e-mails in the name of Mike Evans to users who do not have
Mike Evans' key in their keyring, and when they do a lookup, they
will find Mike Evans' key.
It will take a long time to generate a new key with a specific
fingerprint, but nonetheless, this 'overwriting' and hiding of other
users' IDs in the public PGP servers is bad.
--
Povl H. Pedersen - Chief Technology Officer - NetGuide Scandinavia as
Phone: +45 8618 1845 Cellular: +45 4093 5511 Fax: +45 8618 1863
e-mail: mailto:popenetguide.dk - PGP Key ID: 0x8F4BC755
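The keyserver behaviour the post describes, as an added example (not the poster's code): a server that indexes keys by 32-bit key ID hides the second key that shares an ID, while a fingerprint-indexed lookup combined with an out-of-band fingerprint and user-ID check detects the ambiguity. It assumes the OpenPGP v4 convention that the short key ID is the low 32 bits of the SHA-1 fingerprint; the fingerprints, names and addresses are constructed, and only the key ID 0x6F620B65 comes from the post.

```python
"""Model of a keyserver that assumes 32-bit key IDs are unique (constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class PublicKey:
    fingerprint: str   # 40 hex chars: 160-bit SHA-1 fingerprint (v4 convention, assumed)
    user_ids: tuple    # names/addresses bound to the key

    @property
    def key_id(self) -> str:
        # Short key ID = low 32 bits of the fingerprint = its last 8 hex digits.
        return self.fingerprint[-8:].upper()


# Constructed keys: different fingerprints, identical short key ID 6F620B65.
MIKE = PublicKey("1111222233334444555566667777888899996F620B65",
                 ("Mike Evans <mike@example.net>",))
JOHN = PublicKey("AAAABBBBCCCCDDDDEEEEFFFF0000999988886F620B65",
                 ("John Smith <john@example.co.uk>",))


def naive_keyserver(keys):
    """Index by short key ID; the first key wins and later same-ID keys are hidden (the bug)."""
    index = {}
    for k in keys:
        index.setdefault(k.key_id, k)
    return index


def fingerprint_keyserver(keys):
    """Index by full fingerprint; a key-ID query returns every key that matches."""
    by_fpr = {k.fingerprint.upper(): k for k in keys}

    def lookup_key_id(key_id):
        return [k for k in by_fpr.values() if k.key_id == key_id.upper()]
    return by_fpr, lookup_key_id


def verify_sender(candidates, expected_fingerprint, expected_user_id):
    """Accept a lookup result only if exactly one candidate carries both the
    fingerprint obtained out of band and the user ID we expect the sender to have."""
    matches = [k for k in candidates
               if k.fingerprint.upper() == expected_fingerprint.upper()
               and expected_user_id in k.user_ids]
    return matches[0] if len(matches) == 1 else None
```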