Home page logo

bugtraq logo Bugtraq mailing list archives

Re: PGP Signatures security BUG!
From: haustein () INFORMATIK RWTH-AACHEN DE (Tobias Haustein)
Date: Wed, 8 Mar 2000 10:49:11 +0100

* Povl H. Pedersen (pope () NETGUIDE DK) [000308 10:29]:


Adding Mike Evans' public key to the keyring still results in the
signature verification being OK, but the username is listed as


The problem is, that the PGP servers expects all key IDs to be unique
numbers, and does not expect 2 users to have the same keyID. And with
the current amount of users, we are starting to get multiple users
with the same keyID.


Hmmmm. If this were true, this means that the public keys and not just 
the key ids are the same (the key id is derived from the key, so if
the keys are the same, the key id must be the same, too). Therefore,
this has nothing to do with the key servers, but with the creation and 
assignment of keys. Today, the key is generated using a strong random
number algorithm and there is no way to check whether some key has
already been created by another user. In fact, it's totally impossible 
to avoid this kind of collusion. The only thing one could try is to
detect such double spending of keys and make the users generate new
keys if this happens. However, the chances that two people generate
the same 1024 bit random number (less than 1024 bit are to be
considered insecure) are so low, that this should be considered

Now, that there seems to be the case that two people generated the
same public key, one has to think about the quality of the used random 
number generator. There is the chance, that the seed that is used to
initialize this generator is predictable. This, however, would be an
implementation flaw of _some_ versions of PGP, and no real problem of
the standard. 

I'd like to know who the two people with the same keys are and what
versions of PGP they used to generate the keys. Of course, both guys
should revoke their keys immediately. 



Dipl. Inform. Tobias Haustein

Department of Computer Science IV, Aachen University of Technology
Ahornstr. 55, D-52056 Aachen
Phone +49 (241) 80-21417, Fax +49 (241) 8888-220
E-Mail haustein () informatik rwth-aachen de
Web http://www-i4.informatik.rwth-aachen.de/~haustein/

<LI>application/pgp-signature attachment: stored

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]