|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: PGP Signatures security BUG!
From: Tobias Haustein (haustein
INFORMATIK.RWTH-AACHEN.DE)Date: Wed Mar 08 2000 - 03:49:11 CST
- Next message: tschweikleFIDUCIA.DE: "RealServer exposes internal IP addresses"
- Previous message: Stephen White: "Re: con\con is a old thing (anyway is cool)"
- In reply to: Povl H. Pedersen: "PGP Signatures security BUG!"
- Next in thread: Steven M. Bellovin: "Re: PGP Signatures security BUG!"
- Reply: Tobias Haustein: "Re: PGP Signatures security BUG!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
* Povl H. Pedersen (popeNETGUIDE.DK) [000308 10:29]:
> [...]
> Adding Mike Evans' public key to the keyring still results in the
> signature verification being OK, but the username is listed as
> unknown.
> [...]
> The problem is, that the PGP servers expects all key IDs to be unique
> numbers, and does not expect 2 users to have the same keyID. And with
> the current amount of users, we are starting to get multiple users
> with the same keyID.
> [...]
Hmmmm. If this were true, this means that the public keys and not just
the key ids are the same (the key id is derived from the key, so if
the keys are the same, the key id must be the same, too). Therefore,
this has nothing to do with the key servers, but with the creation and
assignment of keys. Today, the key is generated using a strong random
number algorithm and there is no way to check whether some key has
already been created by another user. In fact, it's totally impossible
to avoid this kind of collusion. The only thing one could try is to
detect such double spending of keys and make the users generate new
keys if this happens. However, the chances that two people generate
the same 1024 bit random number (less than 1024 bit are to be
considered insecure) are so low, that this should be considered
unnecessary.
Now, that there seems to be the case that two people generated the
same public key, one has to think about the quality of the used random
number generator. There is the chance, that the seed that is used to
initialize this generator is predictable. This, however, would be an
implementation flaw of _some_ versions of PGP, and no real problem of
the standard.
I'd like to know who the two people with the same keys are and what
versions of PGP they used to generate the keys. Of course, both guys
should revoke their keys immediately.
Ciao,
Tobias
-- Dipl. Inform. Tobias HausteinDepartment of Computer Science IV, Aachen University of Technology Ahornstr. 55, D-52056 Aachen Phone +49 (241) 80-21417, Fax +49 (241) 8888-220 E-Mail haustein
- application/pgp-signature attachment: stored
- Next message: tschweikleFIDUCIA.DE: "RealServer exposes internal IP addresses"
- Previous message: Stephen White: "Re: con\con is a old thing (anyway is cool)"
- In reply to: Povl H. Pedersen: "PGP Signatures security BUG!"
- Next in thread: Steven M. Bellovin: "Re: PGP Signatures security BUG!"
- Reply: Tobias Haustein: "Re: PGP Signatures security BUG!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]