Discussion:
Chosen-Ciphertext Attacks against PGP
Lene Larsen
2009-01-12 18:24:48 UTC
I looked at this article from 2002, http://www.schneier.com/paper-pgp.html.
Is the problem about the Chosen-Ciphertext Attacks against PGP and GnuPG
still a problem? It sounds like it is easy to decrypt a PGP and a GPG message.


Regards

Lene.
JTF
2009-01-12 19:26:00 UTC
The page brings you to a pdf of the works. I saved the PDF and did a
properties on the file. The file was created in August 2002.
The document is here
http://www.schneier.com/paper-pgp.pdf


The attacks talked about are on PGP 2.6.2 and GnuPG version 1.x

I am sure that these flaws were addressed.

Post by Lene Larsen
I looked at this article from 2002, http://www.schneier.com/paper-pgp.html.
Is the problem about the Chosen-Ciphertext Attacks against PGP and GnuPG
still a problem? It sounds like it is easy to decrypt a PGP and a GPG message.
Regards
Lene.
David W. Hodgins
2009-01-12 19:38:26 UTC
Post by Lene Larsen
I looked at this article from 2002, http://www.schneier.com/paper-pgp.html.
Is the problem about the Chosen-Ciphertext Attacks against PGP and GnuPG
still a problem? It sounds like it is easy to decrypt a PGP and a GPG message.

That attack is based on the rfc2440 specification, which has been superseded
by rfc4880. See section 14 of http://tools.ietf.org/html/rfc4880

Note that the attack requires the target to decrypt the known ciphertext,
and return the decrypted text to the attacker. While it is a serious concern
in some situations, in most real life usage, the attack is not worth worrying
about.

Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
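
An added example, not part of the original thread: section 14 of RFC 4880, which the post above points to, says this attack can be defeated by the use of Modification Detection. The Python below reads the packet headers of a binary (not ASCII-armored) OpenPGP message and reports whether its encrypted data uses the integrity-protected packet type (tag 18) or the older unprotected type (tag 9); the function names and sample bytes are constructed for illustration.

```python
# Added example (not from the thread); layout per RFC 4880 sections 4.2, 5.7, 5.13.
SED, SEIPD = 9, 18  # tag 9: encrypted data, no MDC; tag 18: encrypted data + MDC

def packet_tags(data: bytes) -> list:
    """Return the tags of the top-level packets in a binary OpenPGP message."""
    tags, i = [], 0
    try:
        while i < len(data):
            first = data[i]
            i += 1
            if not first & 0x80:
                raise ValueError("not an OpenPGP packet header")
            if first & 0x40:                      # new-format header
                tags.append(first & 0x3F)
                while True:
                    o = data[i]
                    i += 1
                    if o < 192:                   # one-octet length
                        i += o
                    elif o < 224:                 # two-octet length
                        i += ((o - 192) << 8) + data[i] + 192 + 1
                    elif o == 255:                # five-octet length
                        i += int.from_bytes(data[i:i + 4], "big") + 4
                    else:                         # partial body: another length follows
                        i += 1 << (o & 0x1F)
                        continue
                    break
            else:                                 # old-format header
                tags.append((first >> 2) & 0x0F)
                ltype = first & 0x03
                if ltype == 3:                    # indeterminate length: to end of input
                    break
                n = 1 << ltype                    # 1, 2 or 4 length octets
                i += n + int.from_bytes(data[i:i + n], "big")
    except IndexError:
        raise ValueError("truncated packet header") from None
    return tags

def integrity_status(data: bytes) -> str:
    tags = packet_tags(data)
    if SEIPD in tags:
        return "integrity-protected"      # receiver must still reject MDC failures
    if SED in tags:
        return "no-integrity-protection"  # no MDC: the format cannot flag tampering
    return "no-encrypted-data"

# Constructed samples (tag 1 packet, then encrypted data); bodies are zero filler.
LEGACY = bytes([0x84, 3]) + bytes(3) + bytes([0xA4, 4]) + bytes(4)
MODERN = bytes([0xC1, 3]) + bytes(3) + bytes([0xD2, 5]) + bytes(5)
```

A message reported as `no-integrity-protection` is the kind the 2002 paper's setting applies to; for tag 18, RFC 4880 requires an implementation to treat an MDC failure as a security problem, not merely a data problem.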
David E. Ross
2009-01-13 01:42:15 UTC
Post by Lene Larsen
I looked at this article from 2002, http://www.schneier.com/paper-pgp.html.
Is the problem about the Chosen-Ciphertext Attacks against PGP and GnuPG
still a problem? It sounds like it is easy to decrypt a PGP and a GPG message.

This was reported to Carnegie Mellon University's CERT almost four years
ago. CERT still lists this as a "candidate" and not a confirmed
vulnerability (CAN-2005-0366).

US-CERT lists this as vulnerability VU#303094 at
<http://www.kb.cert.org/vuls/id/303094> and indicates there are
significant limitations on what an attack can accomplish.

I feel that my own analysis at
<http://www.rossde.com/PGP/pgp_weak.html#manmiddle> is still valid.
Thus, I'm not concerned at all.
--
David E. Ross
<http://www.rossde.com/>

Q: What's a President Bush cocktail?
A: Business on the rocks.
Lene Larsen
2009-01-13 14:58:10 UTC
Post by David E. Ross
This was reported to Carnegie Mellon University's CERT almost four years
ago. CERT still lists this as a "candidate" and not a confirmed
vulnerability (CAN-2005-0366).
US-CERT lists this as vulnerability VU#303094 at
<http://www.kb.cert.org/vuls/id/303094> and indicates there are
significant limitations on what an attack can accomplish.
I feel that my own analysis at
<http://www.rossde.com/PGP/pgp_weak.html#manmiddle> is still valid.
Thus, I'm not concerned at all.

Thank you for the informative information ;o)

Lene