
Re: lynx-dev RSA is now in the Public Domain

From: Kim DeVaughn
Subject: Re: lynx-dev RSA is now in the Public Domain
Date: Thu, 7 Sep 2000 05:37:26 -0600

On Thu, Sep 07, 2000, Thomas Dickey (address@hidden) said:
| On Thu, Sep 07, 2000 at 04:23:20AM -0600, Kim DeVaughn wrote:
| > Not being ones to let a PR opportunity slip thru their grubby/greedy
| > little paws, RSASEC has released the RSA algorithm to the Public
| > Domain a whole TWO WEEKS early.
| well, not only that, but the last-minute bug 'reports' telling how insecure
| pgp is...

Were there additional bugs beyond the CERT Advisory about the use of
ADK's (Additional Decryption Keys)?

My understanding of that problem is that it has nothing to do with the
RSA algorithm per se, but rather with the way PGP implemented (what they
thought was) a spiffy new feature.  Said feature (ADK's) has a "window
of opportunity" in it, wherein given a combination of (unlikely, IMO [1])
circumstances, private keys could be compromised, which could lead to
unauthorized decryption of PGP-encoded email.

Far as I know, the actual RSA algorithm is still considered to be secure
(and I've not seen any CERT Advisory on anything else that utilizes RSA,
such as GPG or SSL, etc).

Am I wrong, or did you just forget to add a smiley to your reply .. :-) ..

/kim (who still uses PGP 2.6.2 ... no "backdoors" in it for the feds to use)

[1] For anyone interested in why I said "unlikely" above ... from the
    CERT Advisory on PGP:

 > II. Impact
 >  Attackers who are able to modify a victim's public certificate may be
 >  able to recover the plaintext of any ciphertext sent to the victim
 >  using the modified certificate.
 >  For this vulnerability to be exploited, the following conditions must
 >  hold
 >    * the sender must be using a vulnerable version of PGP
 >    * the sender must be encrypting data with a certificate modified by
 >      the attacker
 >    * the sender must acknowledge a warning dialog that an ADK is
 >      associated with the certificate
 >    * the sender have the key for the bogus ADK already on their local
 >      keyring
 >    * the bogus ADK must be signed certificate by a CA that the sender
 >      trusts
 >    * the attacker be able to obtain the ciphertext sent from the sender
 >      to the victim
 >  Taken together, these factors limit reasonable exploitation of this
 >  vulnerability to those situations in which the key identified as the
 >  ADK is a known valid key. This might occur when the attacker is an
 >  insider known to the victim, but is unlikely to occur if the attacker
 >  is a completely unrelated third party.

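The quoted advisory's conditions all hinge on one thing: an attacker who can edit the victim's public certificate. The reason that edit went unnoticed in the affected PGP versions was that they honoured ADK subpackets placed in the *unhashed* area of a key's self-signature, the part of the signature packet that the signature itself does not cover, so the tampered key still verified. The following is an added example, written for this note and not code from the lynx-dev thread, from CERT or from PGP: a small parser for the subpacket areas of an OpenPGP v4 signature packet body that reports where any ADK subpacket sits. It assumes subpacket type 10 is PGP's ADK subpacket (RFC 4880 keeps type 10 as a backward-compatibility placeholder) and treats the ADK payload as opaque bytes; the sample signatures are constructed inline with a dummy MPI and are not real keys.

```python
"""Audit an OpenPGP v4 signature packet body for ADK subpackets and
report whether each one is authenticated by the signature (hashed area)
or not (unhashed area).  Added example; the packet layout follows
RFC 4880 section 5.2.3, the ADK subpacket type is an assumption."""
import struct

ADK_SUBPACKET_TYPE = 10  # assumption: PGP's "Additional Decryption Key" subpacket


def _read_subpacket_len(buf, pos):
    """Decode a subpacket length (RFC 4880 5.2.3.1); return (length, new_pos)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def parse_subpackets(area):
    """Return [(type, data)] for one raw subpacket area."""
    out, pos = [], 0
    while pos < len(area):
        length, pos = _read_subpacket_len(area, pos)
        sp_type = area[pos] & 0x7F          # high bit is the 'critical' flag
        out.append((sp_type, bytes(area[pos + 1:pos + length])))
        pos += length                       # length counts the type octet too
    return out


def audit_v4_signature(sig_body):
    """Return [(area, payload_hex)] for every ADK subpacket found.

    'unhashed' findings are the dangerous ones: nothing in the signature
    authenticates them, so anyone who can edit the public key file can
    add one without breaking the self-signature."""
    if sig_body[0] != 4:
        raise ValueError("only v4 signature packets are handled here")
    pos = 4  # skip version, signature type, public-key algorithm, hash algorithm
    hashed_len = struct.unpack(">H", sig_body[pos:pos + 2])[0]
    pos += 2
    hashed = sig_body[pos:pos + hashed_len]
    pos += hashed_len
    unhashed_len = struct.unpack(">H", sig_body[pos:pos + 2])[0]
    pos += 2
    unhashed = sig_body[pos:pos + unhashed_len]

    findings = []
    for area_name, area in (("hashed", hashed), ("unhashed", unhashed)):
        for sp_type, data in parse_subpackets(area):
            if sp_type == ADK_SUBPACKET_TYPE:
                findings.append((area_name, data.hex()))
    return findings


def has_unauthenticated_adk(sig_body):
    """True if any ADK subpacket lives outside the signed (hashed) area."""
    return any(area == "unhashed" for area, _ in audit_v4_signature(sig_body))


# --- constructed sample input -------------------------------------------

def build_subpacket(sp_type, data):
    """Encode one subpacket using the one-octet length form (< 192 octets)."""
    body = bytes([sp_type]) + data
    assert len(body) < 192
    return bytes([len(body)]) + body


def build_v4_signature(hashed_subpackets, unhashed_subpackets):
    """Assemble a v4 signature packet body; the trailing MPI is a dummy."""
    hashed = b"".join(hashed_subpackets)
    unhashed = b"".join(unhashed_subpackets)
    return (bytes([4, 0x13, 1, 2])                 # v4, positive cert, RSA, SHA-1
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\xab\xcd"                          # left 16 bits of the hash
            + struct.pack(">H", 8) + b"\x81")      # dummy 8-bit MPI


# A self-signature carrying only a creation-time subpacket (type 2), and the
# same signature with an ADK subpacket appended to its unhashed area.
CREATION_TIME = build_subpacket(2, struct.pack(">I", 968326646))
BOGUS_ADK = build_subpacket(ADK_SUBPACKET_TYPE, b"\x80\x01" + b"\x11" * 20)
CLEAN_SIG = build_v4_signature([CREATION_TIME], [])
TAMPERED_SIG = build_v4_signature([CREATION_TIME], [BOGUS_ADK])

if __name__ == "__main__":
    for name, sig in (("clean", CLEAN_SIG), ("tampered", TAMPERED_SIG)):
        print(name, audit_v4_signature(sig), "unauthenticated ADK:",
              has_unauthenticated_adk(sig))
```

The defensive rule this encodes is the one later PGP releases adopted: an ADK is only meaningful when it sits in the hashed area of the key owner's own self-signature; anything in the unhashed area is unsigned metadata and should be ignored or flagged, never acted on. Note that the audit is about packet placement only; it does not, and cannot, tell you whether a hashed ADK is one the key owner wanted.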
