Vulnerability Development mailing list archives
RE: PGP spoof decrypted output?
From: "McAllister, Andrew" <McAllisterA () umsystem edu>
Date: Fri, 7 Jun 2002 08:56:30 -0500
Yes, I know signed e-mail is easy to spoof, most people never verify sigs etc. My real concern has more to do with the automated transmission of encrypted data files. My University sends data files to and from various business partners using FTP and other mechanisms. Since FTP is clear text everything, we decided to PGP encrypt and sign all files prior to transmission and we never allow unencrypted files on a public machine. All of this encryption/decryption is done in BATCH mode with scripts. Seems at least somewhat safe? Not really. As an example (we do NOT actually do this)... Assume I transmit via FTP our payroll direct deposit data to the bank's ftp site. The file is encrypted and signed with PGP, only the bank can decrypt and verify. That much appears true. Now, a hacker has been sniffing the wire and sees my ftp ID/password combo. He/she logs in to the bank FTP site and APPENDS data in clear text to the end of the payroll.pgp file. Twenty minutes later a bank script sees the file, moves it, and decrypts it with a "pgp +force" (batch mode) command. What result would you expect? The data I encrypted or the data the hacker appended? The answer: No warnings, no errors, just the data that the hacker APPENDED to my PGP encrypted file. Not the original signed and encrypted file itself. This seems like a bug to me, no? After a little more experimentation..... I've found that if you ASCII armor the file, the result is as expected after decryption. You get only the originally encrypted file. I have not tested gpg or pgpi or older versions, just the NAI PGP available from the MIT download site. Anyone care to test the other implementations? Does anyone think this is worth taking to NAI even though they aren't really supporting PGP anymore? Andrew McAllister University of Missouri
-----Original Message----- From: Olaf Kirch [mailto:okir () caldera de]
snip
[-- PGP output follows (current time: Fri Jun 7 13:45:05 2002) --] gpg: Signature made Fri Jun 7 13:44:59 2002 CEST using DSA key ID DEADBEEF gpg: Good signature from "Olaf Kirch <okir () caldera de>" [-- End of PGP output --] [-- The following data is signed --] Spoofing unaware PGP users can be simple. I am sure you all noticed that this message isn't PGP signed at all, but I guess there's quite
snip
Current thread:
- PGP spoof decrypted output? McAllister, Andrew (Jun 06)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 07)
- Re: PGP spoof decrypted output? Brian Hatch (Jun 07)
- Re: PGP spoof decrypted output? Rich Henning (Jun 07)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 10)
- Re: PGP spoof decrypted output? Rich Henning (Jun 10)
- Re: PGP spoof decrypted output? Roger Burton West (Jun 08)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 07)
- <Possible follow-ups>
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
- Re: PGP spoof decrypted output? Rich Henning (Jun 07)
- RE: PGP spoof decrypted output? Tony (Jun 07)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
- RE: PGP spoof decrypted output? Lincoln Yeoh (Jun 07)
- Re: PGP spoof decrypted output? Benjamin Elijah Griffin (Jun 10)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 10)
- Re: PGP spoof decrypted output? Jamil Ozelin (Jun 11)