mailing list archives
Minor PGP vulnerability
From: weidner () IFI UNIZH CH (Harald Weidner)
Date: Tue, 15 Jul 1997 23:02:48 +0200
I'm not quite sure wether this belongs to this list, but since
there were several application related security bugs posted here,
I post this one, too. I have written some code for exploitation of
a well known security hole in PGP.
As you might know, PGP uses a 32-Bit number, called key-ID, as
an internal index for storing and recognizing keys. Although
the key-ID's are quite randomly distributed within 31 of the
32 bits (the key-ID is always odd), the scheme how this key id
is derived from the (public) key is not cryptographically secure.
It is possible to generate keys which have a certain, predefined
key-ID. This can confuse users and key servers, as pgp does not
accept several different keys with the same key id.
This is exactly what my patch does. You can find it on
http://www.ifi.unizh.ch/~weidner/pgp-keyid.patch. The file
size is about 11kB. I don't post it here to protect the
list server from exporting cryptographic software. The patch
is against PGP-2.6.3ia.
As a consequence, when obtaining PGP keys from insecure sources,
you should always check for the existance of a key with the same
key-ID in your own public keyring. To verify a key, always use
the fingerprint and never the key-ID.
Harald Weidner http://www.ifi.unizh.ch/~weidner/