A fly in PGP's ointment?

A Czech company is hoping to make a big splash at the world's largest trade show this week by publicizing an alleged vulnerability in PGP (Pretty Good Privacy), encryption software used by millions of people around the world to keep their communications private. The chances of a breach that takes advantage of the vulnerability, however, are low enough to turn the company's splash into a splatter.

Prague-based ICZ, a consulting and systems integrator, issued a press release Tuesday stating that it has discovered a "serious bug" in PGP and promised to release technical details about it later this week at the CeBit trade show in Hanover, Germany. An ICZ representative could not be reached to comment.

PGP creator Phil Zimmermann reconstructed the type of attack detailed in the press release and learned that a breach as described by ICZ would not compromise encrypted messages, but could enable an attacker to tamper with digital signatures, codes that are used to authenticate the identity of a message's sender.

Zimmerman downplayed the possible impact of the vulnerability. First, he said, an attacker would either have to hack into a victim's computer or have to get physical access to it. Then, the attacker would have to modify the victim's private key - the code used by the sender to encrypt messages - in such a way as to make the digital signature incorrect.

However, both a message's sender and recipient can easily check invalid signatures.

"None of your signatures will look right after [an attack], so it's not going to be undetected," he said. "If you notice this, you'll revoke your key - so it's not really a useful attack, and it requires that your opponent have unprecedented access to your computer."

Zimmerman points out that if an attacker can manage to get that kind of unprecedented access to a victim's computer, he or she could wreak havoc that goes way beyond merely tampering with digital signatures. For instance, an attacker could install a keyboard sniffer that would capture the victim's PGP password and allow the hacker to impersonate the victim, he said.

The ICZ statement also said an attack could be perpetrated against people who send their private keys over e-mail or store them on shared servers. Zimmermann debunked that threat, too, and noted that a basic understanding of encryption users is that it is incredibly unsafe to transmit a private key online, and that there are more secure alternatives for storing private keys on shared computers.

Although the chances of such an attack are unlikely, future versions of PGP and products that use the PGP standard will be modified to prevent anyone from tampering with someone's digital signature in the manner described by ICA, Zimmermann said. Network (NETA) Associates sells a commercial version of PGP, while a consumer version is available for free.

Nevertheless, a Network Associates executive criticized ICZ for publicizing the vulnerability and preparing to release the technical details of it before notifying Network Associates or giving the company a chance to confirm the flaw and fix it, as is standard practice in the industry, "At this time, because we don't have any technical information, we can't even confirm that there is a vulnerability," said Mark McArdle, VP of PGP engineering at Network Associates. "This generates a lot of confusion and elevates the level of stress of users unnecessarily."

A similar situation occurred in August when a German researcher discovered a problem with PGP and went public with the information before Network Associates had a chance to work on a patch. The company managed to release a fix within 18 hours after hearing about the problem, which only affected messages sent by users of the commercial version of PGP who took advantage of a feature that allowed them to create an additional decryption key. According to Zimmermann, corporations requested that feature so that company messages could be recovered if the recipients were unable to read them because they forgot their passwords, were on vacation or had died.

Join the newsletter!

Error: Please check your email address.

More about CeBITPGP

Show Comments