Re: Security hole in PGP found by czech cryptanalysts.

From: Joseph S. Barrera III (
Date: Wed Mar 21 2001 - 10:58:47 PST

Here's some more:

From: Declan McCullagh <>
Subject: FC: PGP bug allows an attack to forge your digital signature
Date: Wed, 21 Mar 2001 13:34:29 -0500,1283,42553,00.html
   Your E-Hancock Can Be Forged
   by Declan McCullagh (
   10:20 a.m. Mar. 21, 2001 PST
   WASHINGTON -- A Czech information security firm has found a flaw in
   Pretty Good Privacy that permits digital signatures to be forged in
   some situations.
   Phil Zimmermann, the PGP inventor who's now the director of the
   OpenPGP Consortium, said on Wednesday that he and a Network Associates
   (NETA) engineer verified that the vulnerability exists.
   ICZ, a Prague company with 450 employees, said that two of its
   cryptologists unearthed a bug in the OpenPGP format that allows an
   adversary who breaks into your computer to forge your e-mail
   Both Zimmermann and the Czech engineers, Vlastimil Klima and Tomas
   Rosa, point out that the glitch does not affect messages encrypted
   with PGP. OpenPGP programs -- including GNU Privacy Guard and newer
   versions of PGP -- use different algorithms for signing and
   scrambling, and only the digital signature method is at risk.
   PGP and its offspring are by far the most popular e-mail encryption
   programs in the world. Nobody has disclosed a flaw in their
   message-scrambling mechanisms, but PGP owner Network Associates
   suffered an embarrassment last August when a German cryptanalyst
   published a way that allows an attacker to hoodwink PGP into not
   encoding secret information properly.
   In this case, someone wishing to impersonate you would need to gain
   access to your secret key -- usually stored on a hard drive or a
   floppy disk -- surreptitiously modify it, then obtain a message you
   signed using the altered secret key. Once those steps are complete,
   that person could then digitally sign messages using your name.
   "PGP or any program based on the OpenPGP format that does not have any
   extra integrity check will not recognize such modification and it will
   allow you to sign a message with the corrupted key," says Rosa, who
   works at Decros, an ICZ company. Rosa says he demonstrated the
   vulnerability with PGP 7.0.3.


POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if it remains intact.
To subscribe, visit
This message is archived at

This archive was generated by hypermail 2b29 : Fri Apr 27 2001 - 23:14:39 PDT