David Shaw on Tue, 9 Sep 2003 16:42:05 -0400
On Tue, Sep 09, 2003 at 04:23:54PM -0400, Eugene Smiley wrote:
> Charles Stack wrote:
>
> > You may be the would-be victim of a spoof or potential identity
> > theft. There are multiple ways to forge encrypted e-mail and
> > signatures. It is possible as well that by sending you a signed
> > message, your response to that message could afford a would-be
> > attacker with a known plaintext attack against your certificate.
>
> This just isn't possible with current technology. I hesitate to say
> that it will never be possible, but gpg has protections to prevent
> "known plaintext attacks".

True, but there do exist messages that, by responding to them, you can give an attacker enough information to decrypt. It's not a chosen plaintext attack, but a chosen ciphertext attack.

In short the attack works like this: Alice sends an encrypted message to Charlie. Baker intercepts it, but cannot read it. Baker mangles the message in a special way and sends it to Charlie. Charlie decrypts it (thinking it is from Baker) and discovers a whole lot of gibberish. Charlie replies (quoting the gibberish) to Baker, saying "what is this?". Baker can then use the gibberish to decrypt the original message from Alice to Charlie.

GnuPG is immune from this attack when communicating with another GnuPG user. Unfortunately, most versions of PGP do not support the countermeasure, and so GnuPG messages when sent to a PGP user are not protected.

Of course, the example that spawned this thread isn't a chosen anything attack, or an attack at all.

David

_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
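
The countermeasure referred to in the message above is a modification detection check applied to the decrypted data. As an added illustration (not part of the original post and not GnuPG's code), the following uses a toy SHA-256-based CFB construction and a hash-before-encrypt check, both assumptions made for demonstration, to show why a message altered in transit decrypts to quotable gibberish without the check and is rejected with it. The key, IV and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # toy block size in bytes

def _toy_block(key, block):
    # Stand-in for a block cipher's forward direction (assumption, NOT a real cipher).
    return hashlib.sha256(key + block).digest()[:BLOCK]

def _cfb(key, iv, data, decrypt):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        res = bytes(a ^ b for a, b in zip(chunk, _toy_block(key, prev)))
        out += res
        prev = chunk if decrypt else res  # CFB feeds back the ciphertext block
    return out

def encrypt_plain(key, iv, msg):
    return _cfb(key, iv, msg, decrypt=False)

def decrypt_plain(key, iv, ct):
    # No integrity check: whatever comes out is handed to the user.
    return _cfb(key, iv, ct, decrypt=True)

def encrypt_checked(key, iv, msg):
    # A hash of the plaintext is appended before encryption (MDC-style).
    return _cfb(key, iv, msg + hashlib.sha256(msg).digest(), decrypt=False)

def decrypt_checked(key, iv, ct):
    data = _cfb(key, iv, ct, decrypt=True)
    msg, tag = data[:-32], data[-32:]
    if len(data) < 32 or not hmac.compare_digest(hashlib.sha256(msg).digest(), tag):
        raise ValueError("modification detected: plaintext withheld")
    return msg

def demo():
    key, iv = b"constructed-key!", b"constructed-iv!!"  # constructed sample values
    msg = b"Alice to Charlie: the meeting is moved to Thursday at noon."
    tamper = lambda ct: bytes([ct[0] ^ 0x01]) + ct[1:]  # one bit altered in transit
    gibberish = decrypt_plain(key, iv, tamper(encrypt_plain(key, iv, msg)))
    try:
        decrypt_checked(key, iv, tamper(encrypt_checked(key, iv, msg)))
        rejected = False
    except ValueError:
        rejected = True
    return msg, gibberish, rejected

if __name__ == "__main__":
    original, shown, rejected = demo()
    print("unchecked output differs from original:", shown != original)
    print("checked decryption rejected the message:", rejected)
```

With the check in place the recipient's software reports an error and has no garbled plaintext to quote back in a reply.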