PGP Bugs and Features

by Rüdiger Weis

On August 23rd(!) Ralf Senderek sent out an e-mail about his research on a serious security bug in all newer colorful PGP 5.5 versions. It was the biggest security bug that has ever been found in the most trusted encryption program. This disaster in particular makes it necessary to take a closer look at the metamorphosis of PGP into a commercial product.

PGP uses a hybrid encryption scheme. The message is encrypted with a symmetric cipher (IDEA up to version 2.63i; CAST, IDEA or Triple-DES in versions >= 5.0) under a session key. This session key is encrypted with the public key of the receiver. The Additional Decryption Key (ADK) means putting a marker on the public key of the receiver stating that the session key must also be encrypted with the public key of someone else. This other party is then able to decrypt the session key with its private key and decrypt the symmetrically encrypted message with the session key. In the words of Bruce Schneier: "A stupid idea, but that's the sort of thing that Key Escrow demands."

Bug or business feature?

For years cryptographers have warned that such backdoor constructions open up a wide range of security problems. And NAI made a beginner's mistake: the ADK marker does not need to be signed by the holder of the private key. So anybody can add an ADK marker with his own public key to the public key of a PGP Diffie-Hellman key user. "This is a fairly esoteric attack," said the president of the PGP security unit.

As noted by Stefan Lucks and Rüdiger Weis, the ''esoteric'' bug in the ADK construction can also be seen as a business feature. Think of a company that wants to add an ADK to each of its employees' public keys. In a correctly designed scenario the employees have to sign the ADK extension with their private keys. This may be a considerable administrative and political overhead. In the ''buggy'' version the company can add the ADK without discussing its new policy.
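
A simplified model of the ADK check discussed above, added here as an illustration and not taken from the article or from PGP's code: the sender computes the list of keys the session key is encrypted to, once honoring any ADK attached to a key and once only an ADK covered by the key holder's signature. The dictionary layout, the function names and the toy RSA parameters are assumptions and do not reflect the OpenPGP packet format.

```python
import hashlib
import json

# Toy textbook RSA (no padding) stands in for the key holder's self-signature
# so the sketch needs only the standard library. Constructed demo parameters.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # Python 3.8+

def digest(fields):
    """Hash of the canonically serialized fields the owner vouches for."""
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N

def self_sign(fields):
    """Key holder binds `fields` (user, optional ADK) to the public key."""
    return {"signed": dict(fields), "sig": pow(digest(fields), D, N), "unsigned": {}}

def owner_signature_ok(cert):
    return pow(cert["sig"], E, N) == digest(cert["signed"])

def recipients_buggy(cert):
    # Flaw described in the article: an ADK entry is honored even though
    # the key holder never signed it.
    adk = cert["unsigned"].get("adk") or cert["signed"].get("adk")
    return [cert["signed"]["user"]] + ([adk] if adk else [])

def recipients_checked(cert):
    # Correct design: only an ADK covered by a valid owner signature counts.
    if not owner_signature_ok(cert):
        raise ValueError("self-signature invalid, refusing to use this key")
    adk = cert["signed"].get("adk")
    return [cert["signed"]["user"]] + ([adk] if adk else [])

def unsigned_adk_entries(cert):
    """Audit helper: ADK entries on the key that its owner did not sign."""
    adk = cert["unsigned"].get("adk")
    return [adk] if adk and adk != cert["signed"].get("adk") else []

if __name__ == "__main__":
    # Constructed sample keys, not real PGP data.
    alice = self_sign({"user": "alice"})
    alice["unsigned"]["adk"] = "third-party"        # added after signing
    bob = self_sign({"user": "bob", "adk": "company"})  # ADK signed by bob
    for cert in (alice, bob):
        print(recipients_buggy(cert), recipients_checked(cert),
              unsigned_adk_entries(cert))
```

The audit helper is the check a key owner or key server operator would run over stored keys: any entry it returns was attached without the owner's consent.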
Let us switch to GnuPG

Up until now, only the new ''Diffie-Hellman'' keys have the ADK problem. But there is a rumor that NAI will add ADK support to RSA keys too in the new version 7.0. Additionally, NAI's main idea is to make money with PGP. For this reason they integrate fancy features, sometimes dangerous ones, for example the Self-Decrypting Archives (SDA). This means that any user can click on an exe file, type in the password and get the symmetrically decrypted message. Is it really a good idea to click on foreign exe files that we have typically received by e-mail? But the biggest problem is that NAI-PGP is not fully compatible with the Internet RFC 2440 OpenPGP.

The GNU Privacy Guard is the solution to our problems. It is GPL, it is an RFC 2440 (OpenPGP) compliant implementation, and since the end of the RSA patent it supports RSA. There is also an IDEA plug-in for compatibility with PGP <= 2.63i.
[Datenschleuder]
[72]