[linux-elitists] [david.kennedy@ACM.ORG: Czech PGP Flaw Tech Details]
Karsten M. Self
Mon Mar 26 11:06:54 PST 2001
on Mon, Mar 26, 2001 at 08:41:01AM +0100, Paul J Collins (firstname.lastname@example.org) wrote:
> >>>>> "BLSC" == Brooklyn Linux Solutions CEO <email@example.com> writes:
> BLSC> ANd your open source solution is?
> It shouldn't be long before we are drowning in vendor advisories, once
> the GnuPG team fixes the problem.
> However, if someone is able to get a copy of your private key, fiddle
> with it and replace it, all without your knowledge, you have other
> problems you need to address, such as system security.
Interesting, Ruben's post didn't seem to filter to this list, I thought
it was just a personal reply.
At any rate, I was posting an advisory, not a bugfix. Just so that
those who're using GPG under multiuser environments (where the exploit
is most likely, though still difficult to accomplish) would be aware.
My understanding is that this is a cryptographic attack, solutions
probably require re-architecting the GPG protocol. But I don't have a
deep understanding of the protocol or attack.
Karsten M. Self <firstname.lastname@example.org> http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand? There is no K5 cabal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 232 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20010326/8afb3764/attachment.pgp
More information about the linux-elitists