Information Security
re: Security Vulnerability in PGP Found
Ryan Pierce / Townsend Analytics Ltd. / Archipelago LLC 10 Sep 2001 3:01PM ET
> A security vulnerability in PGP was found by a security firm in the Czech Republic. I advise all interested parties to read the following article relating to the subject. This could have implications for any company currently using PGP as a security format.
>
> http://www.i.cz/en/onas/tisk4.html
>
> I posted it because from reading the materials in the Encryption Working Group it seems that a few companies out there could be using PGP and this could potentially affect future decisions on standardizing encryption algorithms in FIX.
Thanks for the info!
On that web site, Bruce Schneier made the following comment which condenses the issue pretty well:
"A vulnerability was found in the OpenPGP standard. If an attacker can modify the victim's encrypted private key file, he can intercept a signed message and then figure out the victim's signing key. This is a problem with the data format, and not with the cryptographic algorithms. I don't think it's a major problem, since someone who can access the victim's hard drive is more likely to simply install a keyboard sniffer. But it is a flaw, and shows how hard it is to get everything right. Excellent cryptanalysis work here."
It is my opinion that the danger of this attack on FIX systems implementing PGP-DES-MD5 security is minimal. The attack has several parts:
1. The attacker must successfully modify your private key file.
2. You must sign a message using the bogus key file, thus producing an invalid signature.
3. The attacker must capture the incorrectly-signed message.
In a PGP-DES-MD5 environment, if an attacker can get to your FIX engine or a file server hosting the key for your FIX engine, and can modify that file, I'd imagine they would have numerous easier alternatives to this specific attack that could cause you harm. The primary time when this attack may be the easiest happens when the private key file is in transit. Even then, an attacker would need to know that you were sending the file and be prepared to modify it in transit. So unless your FIX engine downloads its key over an unsecured Internet connection from the corporate office at the same time each morning, the likelihood of being attacked with this seems slim.
The people that can be harmed most by this attack are those that do not exercise good control over their private key file. For instance, a student who keeps his private key on a university-owned file server and accesses it over the network is particularly vulnerable.
The bottom line which this attack brings to light is how closely you must guard your private key file. Personally, ever since I started using PGP long before the announcement of this attack, I have always treated PGP private key files as if they were unencrypted. Attackers already have the option of breaking PGP by factoring a large (i.e. 1024 or 2048 bit) number, or brute forcing a random 128 bit session key. Making your private key file public gives the attacker the additional option of mounting an automated attack of guessing your passphrase. Why make the attacker's job easier by making the security of the system depend on the quality of a user's passphrase?
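
An added example, not part of the original post: the attack steps listed above require an invalid signature to leave the signer (steps 2 and 3), so one defensive check is to verify every signature against a separately stored, trusted copy of the public key before it is sent. The toy RSA parameters, the function names and the sample message are constructed for illustration and are not from PGP or any FIX engine.

```python
import hashlib

# Constructed toy RSA key: Mersenne primes and no padding, for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                     # public half, assumed held in a trusted copy
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent as loaded from the key file

def digest(msg: bytes) -> int:
    """Hash the message to an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def verify(msg: bytes, sig: int) -> bool:
    """Check a signature against the trusted public key (N, E)."""
    return pow(sig, E, N) == digest(msg)

def sign_checked(msg: bytes, d: int) -> int:
    """Sign with private exponent d; release the signature only if it verifies."""
    sig = pow(digest(msg), d, N)
    if not verify(msg, sig):
        # An invalid signature means the loaded key material does not match
        # the public key. Discard it so it never reaches the wire.
        raise ValueError("self-check failed: private key material is inconsistent")
    return sig

def demo():
    """Return (good signature verifies, bad signature was withheld)."""
    msg = b"8=FIX.4.2|35=A|49=SENDER|56=TARGET|"   # constructed sample message
    good = sign_checked(msg, D)
    corrupted_d = D ^ (1 << 40)    # constructed stand-in for a modified key file
    try:
        sign_checked(msg, corrupted_d)
        blocked = False
    except ValueError:
        blocked = True
    return verify(msg, good), blocked

if __name__ == "__main__":
    print(demo())
```

The check only helps if the public key used in `verify` comes from a copy the attacker could not have modified together with the private key file.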