David Shaw on Tue, 9 Sep 2003 16:42:05 -0400

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] gpg spoof?

On Tue, Sep 09, 2003 at 04:23:54PM -0400, Eugene Smiley wrote:
> Charles Stack wrote:
> > You may be the would be victim of an spoof or potential identify
> > theft. There are multiple ways to forge encrypted e-mail and
> > signatures.  It is possible as well that by sending you a signed
> > message, your response to that message could afford a would-be
> > attacker with a known plaintext attack against your certificate.
> This just isn't possible with current technology. I hesitate to say
> that it will never be possible, but gpg has protections to prevent
> "known plaintext attacks".

True, but there do exist messages that, by responding to them, you can
give an attacker enough information to decrypt.  It's not a chosen
plaintext attack, but a chosen ciphertext attack.

In short the attack works like this: Alice sends an encrypted message
to Charlie.  Baker intercepts it, but cannot read it.  Baker mangles
the message in a special way and sends it to Charlie.  Charlie
decrypts it (thinking it is from Baker) and discovers a whole lot of
gibberish.  Charlie replies (quoting the gibberish) to Baker, saying
"what is this?".

Baker can then use the gibberish to decrypt the original message from
Alice to Charlie.

GnuPG is immune from this attack when communicating with another GnuPG
user.  Unfortunately, most versions of PGP do not support the
countermeasure, and so GnuPG messages when sent to a PGP user are not

Of course, the example that spawned this thead isn't a chosen anything
attack, or an attack at all.

Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug