[linux-elitists] [david.kennedy@ACM.ORG: Czech PGP Flaw Tech Details]

Mr.Bad mr.bad@pigdog.org
Mon Mar 26 11:44:51 PST 2001


>>>>> "KMS" == Karsten M Self <kmself@ix.netcom.com> writes:

    KMS> My understanding is that this is a cryptographic attack,
    KMS> solutions probably require re-architecting the GPG protocol.
    KMS> But I don't have a deep understanding of the protocol or
    KMS> attack.

Actually, the attack is fairly simple. It has more to do with how
OpenPGP mandates saving a secret key than anything else.

Adding more checks to make sure that the secret key the program is
opening is -really- the kind of key the keyring says it is is probably
the best way to fix the problem.

~Mr. Bad

-- 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Mr. Bad <mr.bad@pigdog.org> | Pigdog Journal | http://pigdog.org/ 
 freenet:MSK@SSK@u1AntQcZ81Y4c2tJKd1M87cZvPoQAge/pigdog+journal//
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



More information about the linux-elitists mailing list